|
269851
|
9.8 |
CRITICAL
Network
|
ibm
|
websphere_mq_jms
|
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-0360
|
2024-11-21 11:41 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269852
|
5.4 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.
|
CWE-79
Cross-site Scripting
|
CVE-2016-0310
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269853
|
4.3 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.
|
CWE-284
Improper Access Control
|
CVE-2016-0308
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269854
|
4.3 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
|
CWE-200
Information Exposure
|
CVE-2016-0307
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269855
|
5.4 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execut…
|
CWE-79
Cross-site Scripting
|
CVE-2016-0305
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269856
|
7.8 |
HIGH
Local
|
ibm
|
bigfix_platform
|
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be exe…
|
CWE-284
Improper Access Control
|
CVE-2016-0214
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269857
|
5.3 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to …
|
CWE-200
Information Exposure
|
CVE-2016-0210
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269858
|
3.3 |
LOW
Local
|
ibm
|
cloud_orchestrator
|
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.
|
CWE-20
Improper Input Validation
|
CVE-2016-0206
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269859
|
5.5 |
MEDIUM
Local
|
ibm
|
cloud_orchestrator
smartcloud_orchestrator
|
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual …
|
CWE-200
Information Exposure
|
CVE-2016-0203
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269860
|
3.3 |
LOW
Local
|
ibm
|
cloud_orchestrator
|
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view…
|
CWE-200
Information Exposure
|
CVE-2016-0202
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
