Skip to main content
CVE-2016-3045 LOW PATCH Monitor

IBM Security Access Manager for Web stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-0297 LOW Monitor

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-5953 LOW PATCH Monitor

IBM Sterling Order Management transmits the session identifier within the URL. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling Selling And Fulfillment Foundation
NVD
CVSS 3.0
3.7
EPSS
0.1%
CVE-2016-5938 LOW PATCH Monitor

IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Kenexa Lms
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-0394 LOW PATCH Monitor

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Integration Bus Websphere Message Broker
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-0296 LOW PATCH Monitor

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-6001 LOW PATCH Monitor

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

SSRF IBM Information Disclosure Forms Experience Builder
NVD
CVSS 3.0
3.1
EPSS
0.1%
CVE-2016-8942 LOW PATCH Monitor

IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

IBM Authentication Bypass Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
3.1
EPSS
0.1%
CVE-2016-3046 LOW PATCH Monitor

IBM Security Access Manager for Web is vulnerable to SQL injection. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile Security Access Manager 9 0 Firmware
NVD
CVSS 3.0
2.7
EPSS
0.1%
CVE-2016-3021 LOW Monitor

IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 7 0 Firmware +1
NVD
CVSS 3.0
2.7
EPSS
0.1%
CVE-2016-9703 LOW PATCH Monitor

IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity.

Session Fixation IBM Information Disclosure Security Identity Manager Virtual Appliance
NVD
CVSS 3.0
2.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy