Skip to main content
CVE-2016-6034 MEDIUM PATCH This Month

IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft IBM VMware Information Disclosure Tivoli Storage Manager For Virtual Environments Data Protection For Vmware
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2016-8933 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Kenexa Lms
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-8913 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Kenexa Lms On Cloud
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-6126 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Kenexa Lms On Cloud
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-3027 MEDIUM PATCH This Month

IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware +1
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-5994 MEDIUM PATCH This Month

IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-5988 MEDIUM PATCH This Month

IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Privileged Identity Manager
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-5950 MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Kenexa Lcms Premier
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-3022 MEDIUM PATCH This Month

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 7 0 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2016-6084 MEDIUM PATCH This Month

IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service IBM Bigfix Platform
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-6085 MEDIUM PATCH This Month

IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Bigfix Platform
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-6110 MEDIUM PATCH This Month

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

VMware IBM Authentication Bypass Tivoli Storage Manager Tivoli Storage Manager For Virtual Environments Data Protection For Vmware
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2016-5939 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lms On Cloud
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2016-5990 MEDIUM PATCH This Month

IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Privileged Identity Manager
NVD
CVSS 3.0
6.3
EPSS
0.2%
CVE-2016-9963 MEDIUM This Month

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Exim Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.9
EPSS
1.7%
CVE-2016-9704 MEDIUM PATCH This Month

IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Identity Manager Virtual Appliance
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5881 MEDIUM This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6113 MEDIUM This Month

IBM Verse is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5884 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5882 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-2939 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-2938 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6020 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect IBM Sterling B2b Integrator
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-9000 MEDIUM PATCH This Month

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Datastage Infosphere Information Server On Cloud
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-3018 MEDIUM This Month

IBM Security Access Manager for Web is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Access Manager Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-8922 MEDIUM This Month

Exphox WebRadar is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Web Content Manager Production Analytics Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6000 MEDIUM PATCH This Month

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tririga Application Platform
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-8936 MEDIUM PATCH This Month

IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Social Rendering Templates For Digital Data Connector
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5984 MEDIUM PATCH This Month

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-8961 MEDIUM This Month

IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5966 MEDIUM PATCH This Month

IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Privileged Identity Manager
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-3043 MEDIUM PATCH This Month

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager For Web 7 0 Firmware Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile +1
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-8918 MEDIUM PATCH This Month

IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Authentication Bypass Integration Bus
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-8966 MEDIUM This Month

IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-5941 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Kenexa Lms
NVD
CVSS 3.0
5.7
EPSS
0.5%
CVE-2016-2941 MEDIUM This Month

IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-0371 MEDIUM PATCH This Month

The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-8981 MEDIUM This Month

IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8963 MEDIUM This Month

IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-8967 MEDIUM This Month

IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Authentication Bypass License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-5980 MEDIUM PATCH This Month

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tririga Application Platform
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8929 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lms
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8999 MEDIUM PATCH This Month

IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Datastage Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-5880 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-5940 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lms
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2992 MEDIUM PATCH This Month

IBM Infosphere BigInsights is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Biginsights
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-9731 MEDIUM PATCH This Month

IBM Business Process Manager is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8943 MEDIUM PATCH This Month

IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8920 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Kenexa Lms On Cloud
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6125 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Kenexa Lms On Cloud
NVD
CVSS 3.0
5.4
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy