CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1155 200 +Info 2017-03-20 2017-03-23
4.0
None Remote Low Single system Partial None None
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754.
2 CVE-2017-1154 200 +Info 2017-03-31 2017-04-04
4.0
None Remote Low Single system Partial None None
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892.
3 CVE-2017-1143 200 +Info 2017-03-27 2017-03-31
3.5
None Remote Medium Single system Partial None None
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Reference #: 1998874.
4 CVE-2017-1142 200 +Info 2017-03-27 2017-03-31
4.0
None Remote Low Single system Partial None None
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874.
5 CVE-2017-1124 200 +Info 2017-03-07 2017-03-09
1.9
None Local Medium Not required Partial None None
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053.
6 CVE-2016-9978 200 +Info 2017-04-20 2017-04-26
4.0
None Remote Low Single system Partial None None
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254.
7 CVE-2016-9748 200 +Info 2017-02-08 2017-02-15
4.0
None Remote Low Single system Partial None None
IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system.
8 CVE-2016-9725 200 +Info 2017-03-07 2017-03-08
5.0
None Remote Low Not required Partial None None
IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539.
9 CVE-2016-9720 200 +Info 2017-03-07 2017-03-09
5.0
None Remote Low Not required Partial None None
IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference #: 1999533.
10 CVE-2016-9703 384 +Info 2017-02-01 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.
11 CVE-2016-9697 200 +Info 2017-03-20 2017-03-23
2.1
None Remote High Single system Partial None None
An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference #: 1999960.
12 CVE-2016-8982 200 +Info 2017-02-01 2017-02-13
5.0
None Remote Low Not required Partial None None
IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
13 CVE-2016-8981 200 +Info 2017-02-01 2017-02-13
2.1
None Local Low Not required Partial None None
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.
14 CVE-2016-8977 200 +Info 2017-02-01 2017-02-13
5.0
None Remote Low Not required Partial None None
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.
15 CVE-2016-8966 200 +Info 2017-02-01 2017-02-13
4.3
None Remote Medium Not required Partial None None
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
16 CVE-2016-8963 200 +Info 2017-02-01 2017-02-13
2.1
None Local Low Not required Partial None None
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.
17 CVE-2016-8961 601 +Info 2017-02-01 2017-02-13
5.8
None Remote Medium Not required Partial Partial None
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
18 CVE-2016-8940 200 +Info 2017-03-07 2017-03-14
4.0
None Remote Low Single system Partial None None
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
19 CVE-2016-8926 200 +Info 2017-04-14 2017-04-20
4.0
None Remote Low Single system Partial None None
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539.
20 CVE-2016-8925 200 +Info 2017-04-14 2017-04-20
6.8
None Remote Low Single system Complete None None
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538.
21 CVE-2016-8923 200 +Info 2017-04-20 2017-04-26
4.0
None Remote Low Single system Partial None None
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536.
22 CVE-2016-6122 200 +Info 2017-02-01 2017-02-08
4.0
None Remote Low Single system Partial None None
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.
23 CVE-2016-6117 200 +Info 2017-02-01 2017-02-10
5.0
None Remote Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information.
24 CVE-2016-6116 200 +Info 2017-02-02 2017-02-07
4.3
None Remote Medium Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
25 CVE-2016-6102 200 +Info 2017-03-27 2017-03-29
4.3
None Remote Medium Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359.
26 CVE-2016-6099 200 +Info 2017-02-02 2017-02-08
5.0
None Remote Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
27 CVE-2016-6097 200 +Info 2017-02-07 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.
28 CVE-2016-6094 200 +Info 2017-02-07 2017-02-09
4.0
None Remote Low Single system Partial None None
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data.
29 CVE-2016-6092 200 +Info 2017-02-07 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.
30 CVE-2016-6080 200 +Info 2017-02-01 2017-02-07
5.0
None Remote Low Not required Partial None None
The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.
31 CVE-2016-6068 200 +Info 2017-02-01 2017-02-13
5.0
None Remote Low Not required Partial None None
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.
32 CVE-2016-6060 200 +Info 2017-02-15 2017-02-17
4.0
None Remote Low Single system Partial None None
An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547.
33 CVE-2016-6034 200 +Info 2017-02-01 2017-02-13
4.0
None Remote Low Single system Partial None None
IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges.
34 CVE-2016-6027 79 XSS +Info 2016-10-06 2016-11-28
5.8
None Remote Medium Not required Partial Partial None
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.
35 CVE-2016-6026 200 +Info 2016-10-06 2016-11-28
2.9
None Local Network Medium Not required Partial None None
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.
36 CVE-2016-6020 601 +Info 2017-02-01 2017-02-09
5.8
None Remote Medium Not required Partial Partial None
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
37 CVE-2016-5994 200 +Info 2017-02-01 2017-02-13
4.0
None Remote Low Single system Partial None None
IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents.
38 CVE-2016-5988 200 +Info 2017-02-01 2017-02-07
4.0
None Remote Low Single system Partial None None
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.
39 CVE-2016-5987 20 +Info 2016-11-30 2016-11-30
5.0
None Remote Low Not required Partial None None
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message.
40 CVE-2016-5986 200 +Info 2016-09-30 2016-11-28
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.
41 CVE-2016-5976 200 +Info 2016-09-26 2016-11-28
2.6
None Remote High Not required Partial None None
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors.
42 CVE-2016-5972 284 +Info 2016-09-26 2016-11-28
4.9
None Remote Medium Single system Partial Partial None
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
43 CVE-2016-5966 200 +Info 2017-02-01 2017-02-07
4.3
None Remote Medium Not required Partial None None
IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
44 CVE-2016-5958 200 +Info 2017-02-01 2017-02-07
5.0
None Remote Low Not required Partial None None
IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information.
45 CVE-2016-5957 310 +Info 2016-09-26 2016-11-28
5.0
None Remote Low Not required Partial None None
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm.
46 CVE-2016-5953 200 +Info 2017-02-01 2017-02-15
4.3
None Remote Medium Not required Partial None None
IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL.
47 CVE-2016-5946 200 Dir. Trav. +Info 2016-09-26 2016-11-28
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
48 CVE-2016-5938 200 +Info 2017-02-01 2017-02-05
2.1
None Local Low Not required Partial None None
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.
49 CVE-2016-5935 200 +Info 2017-02-02 2017-02-15
4.3
None Remote Medium Not required Partial None None
IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
50 CVE-2016-5927 200 +Info 2016-09-12 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output.
Total number of vulnerabilities : 527   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.