Skip to main content
CVE-2016-5902 MEDIUM PATCH This Month

IBM Maximo Asset Management is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management Maximo For Aviation Maximo For Energy Optimization +6
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-5933 MEDIUM This Month

Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware
NVD GitHub
CVSS 3.0
5.9
EPSS
0.9%
CVE-2016-10212 MEDIUM This Month

Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Alteon
NVD GitHub
CVSS 3.0
5.9
EPSS
0.8%
CVE-2016-0270 MEDIUM PATCH This Month

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix IBM Information Disclosure Client Application Access Domino +1
NVD GitHub
CVSS 3.0
5.9
EPSS
0.5%
CVE-2016-10213 MEDIUM This Month

A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Advanced Core Operating System
NVD GitHub
CVSS 3.0
5.9
EPSS
0.5%
CVE-2016-8492 MEDIUM This Month

The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-5900 MEDIUM PATCH This Month

IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tealeaf Customer Experience On Cloud Network Capture Add On
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-0426 MEDIUM This Month

An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-0424 MEDIUM This Month

An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0448 MEDIUM PATCH This Month

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nvidia Google Information Disclosure Android Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0425 MEDIUM This Month

An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0421 MEDIUM This Month

An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0414 MEDIUM This Month

An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0420 MEDIUM This Month

An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0413 MEDIUM This Month

An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-0203 MEDIUM PATCH This Month

A vulnerability has been identified in the IBM Cloud Orchestrator task API. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator Smartcloud Orchestrator
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-5013 MEDIUM PATCH This Month

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile Security Access Manager 9 0 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2015-1976 MEDIUM PATCH This Month

IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Authentication Bypass Security Directory Server Tivoli Directory Server
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-0310 MEDIUM PATCH This Month

IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Connections
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-6032 MEDIUM PATCH This Month

IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1128 MEDIUM PATCH This Month

IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1127 MEDIUM PATCH This Month

IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0305 MEDIUM PATCH This Month

IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-9686 MEDIUM This Month

The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Puppet Enterprise
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-0210 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-0423 MEDIUM This Month

An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-8414 MEDIUM This Month

An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Qualcomm Google Information Disclosure Android Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0451 MEDIUM This Month

An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Qualcomm Google Information Disclosure Android Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-5918 MEDIUM PATCH This Month

IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft IBM Information Disclosure Tivoli Storage Manager For Space Management
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2015-7493 MEDIUM PATCH This Month

IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.0
4.7
EPSS
0.0%
CVE-2015-7418 MEDIUM PATCH This Month

IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Extreme Scale
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2016-2866 MEDIUM PATCH This Month

An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-9748 MEDIUM PATCH This Month

IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-0307 MEDIUM PATCH This Month

IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-0308 MEDIUM PATCH This Month

IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Connections
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy