|
270331
|
6.5 |
MEDIUM
Network
|
ibm
|
cognos_business_intelligence
|
IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker c…
|
CWE-611
XXE
|
CVE-2016-0254
|
2024-11-21 11:41 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270332
|
6.1 |
MEDIUM
Network
|
ibm
|
marketing_platform
|
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject ma…
|
CWE-79
Cross-site Scripting
|
CVE-2016-0255
|
2024-11-21 11:41 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270333
|
4.0 |
MEDIUM
Local
|
ibm
|
tealeaf_consumer_experience
|
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as…
|
CWE-200
Information Exposure
|
CVE-2016-0382
|
2024-11-21 11:41 |
2017-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270334
|
5.4 |
MEDIUM
Network
|
ibm
|
marketing_platform
|
IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to red…
|
CWE-601
Open Redirect
|
CVE-2016-0228
|
2024-11-21 11:41 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270335
|
9.8 |
CRITICAL
Network
|
ibm
|
websphere_mq_jms
|
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-0360
|
2024-11-21 11:41 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270336
|
5.4 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.
|
CWE-79
Cross-site Scripting
|
CVE-2016-0310
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270337
|
4.3 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.
|
CWE-284
Improper Access Control
|
CVE-2016-0308
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270338
|
4.3 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
|
CWE-200
Information Exposure
|
CVE-2016-0307
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270339
|
5.4 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execut…
|
CWE-79
Cross-site Scripting
|
CVE-2016-0305
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270340
|
7.8 |
HIGH
Local
|
ibm
|
bigfix_platform
|
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be exe…
|
CWE-284
Improper Access Control
|
CVE-2016-0214
|
2024-11-21 11:41 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
