CVE-2016-0210
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response.
Source: CVE-2016-0210
CVE-2016-0305
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Source: CVE-2016-0305
CVE-2016-0307
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
Source: CVE-2016-0307
CVE-2016-0214
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file.
Source: CVE-2016-0214
CVE-2016-0206
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.
Source: CVE-2016-0206
CVE-2016-0308
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.
Source: CVE-2016-0308
CVE-2016-8954
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.
Source: CVE-2016-8954
CVE-2016-0310
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker’s domain.
Source: CVE-2016-0310
CVE-2016-9005
IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user’s password and gain remote access to the system.
Source: CVE-2016-9005
CVE-2015-7494
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.
Source: CVE-2015-7494