CVE-2015-7418
IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.
Source: CVE-2015-7418
CVE-2016-5900
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Source: CVE-2016-5900
CVE-2015-7493
IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.
Source: CVE-2015-7493
CVE-2016-0203
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.
Source: CVE-2016-0203
CVE-2016-5902
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source: CVE-2016-5902
CVE-2016-0202
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.
Source: CVE-2016-0202
CVE-2016-5918
IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed.
Source: CVE-2016-5918
CVE-2015-1976
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.
Source: CVE-2015-1976
CVE-2016-5934
IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim’s path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim.
Source: CVE-2016-5934
CVE-2017-1127
IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source: CVE-2017-1127