CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2017

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 751 | CVE-2016-6092 | 200 | | +Info | 2017-02-07 | 2017-02-09 | 2.1 | None | Local | Low | Not required | Partial | None | None | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in clear text which can be read by a local user. |
| 752 | CVE-2016-6090 | | | DoS | 2017-02-01 | 2019-10-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service. |
| 753 | CVE-2016-6085 | 284 | | | 2017-02-01 | 2017-02-08 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. |
| 754 | CVE-2016-6084 | 20 | | | 2017-02-01 | 2017-02-07 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. |
| 755 | CVE-2016-6082 | 416 | | Exec Code | 2017-02-01 | 2017-02-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system. |
| 756 | CVE-2016-6080 | 200 | | +Info | 2017-02-01 | 2017-02-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. |
| 757 | CVE-2016-6079 | 264 | | | 2017-02-15 | 2021-08-31 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. |
| 758 | CVE-2016-6077 | 284 | | Exec Code | 2017-02-15 | 2017-02-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584. |
| 759 | CVE-2016-6072 | 79 | | XSS | 2017-02-01 | 2017-02-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| 760 | CVE-2016-6068 | 200 | | +Info | 2017-02-01 | 2017-02-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. |
| 761 | CVE-2016-6065 | 78 | | Exec Code | 2017-02-01 | 2017-02-07 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. |
| 762 | CVE-2016-6062 | 79 | | XSS | 2017-02-16 | 2017-02-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference#: 213457065. |
| 763 | CVE-2016-6061 | 79 | | XSS | 2017-02-01 | 2017-02-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| 764 | CVE-2016-6060 | 200 | | +Info | 2017-02-15 | 2017-02-17 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547. |
| 765 | CVE-2016-6059 | 611 | | DoS | 2017-02-01 | 2017-02-08 | 7.5 | None | Remote | Low | ??? | Partial | None | Complete | IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. |
| 766 | CVE-2016-6055 | 79 | | XSS | 2017-02-23 | 2017-02-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1995515. |
| 767 | CVE-2016-6054 | 79 | | XSS | 2017-02-01 | 2017-02-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| 768 | CVE-2016-6047 | 79 | | XSS | 2017-02-01 | 2017-02-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| 769 | CVE-2016-6046 | 79 | | XSS | 2017-02-01 | 2017-02-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| 770 | CVE-2016-6045 | 352 | | CSRF | 2017-02-01 | 2017-02-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. |
| 771 | CVE-2016-6044 | 284 | | | 2017-02-01 | 2017-02-09 | 4.0 | None | Remote | Low | ??? | None | Partial | None | IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. |
| 772 | CVE-2016-6043 | 384 | | | 2017-02-01 | 2017-02-09 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. |
| 773 | CVE-2016-6042 | 119 | | Exec Code Overflow | 2017-02-01 | 2017-02-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system in the same context as the victim. |
| 774 | CVE-2016-6040 | 384 | | | 2017-02-01 | 2017-02-08 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. |
| 775 | CVE-2016-6039 | 79 | | XSS | 2017-02-01 | 2017-02-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| 776 | CVE-2016-6034 | 200 | | +Info | 2017-02-01 | 2017-02-13 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges. |
| 777 | CVE-2016-6033 | 352 | | CSRF | 2017-02-15 | 2017-11-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545. |
| 778 | CVE-2016-6032 | 79 | | XSS | 2017-02-08 | 2017-02-15 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| 779 | CVE-2016-6030 | 79 | | XSS | 2017-02-01 | 2017-02-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| 780 | CVE-2016-6028 | 264 | | | 2017-02-01 | 2017-02-07 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view. |
| 781 | CVE-2016-6020 | 601 | | +Info | 2017-02-01 | 2017-02-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. |
| 782 | CVE-2016-6001 | 918 | | | 2017-02-01 | 2017-02-15 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. |
| 783 | CVE-2016-6000 | 79 | | XSS | 2017-02-01 | 2017-02-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| 784 | CVE-2016-5994 | 200 | | +Info | 2017-02-01 | 2017-07-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. |
| 785 | CVE-2016-5990 | 284 | | | 2017-02-01 | 2017-02-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server. |
| 786 | CVE-2016-5988 | 200 | | +Info | 2017-02-01 | 2017-02-07 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. |
| 787 | CVE-2016-5985 | 119 | | Exec Code Overflow | 2017-02-01 | 2017-02-13 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash. |
| 788 | CVE-2016-5984 | 79 | | XSS | 2017-02-01 | 2017-02-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks. |
| 789 | CVE-2016-5980 | 79 | | XSS | 2017-02-01 | 2017-02-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| 790 | CVE-2016-5966 | 200 | | +Info | 2017-02-01 | 2017-02-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. |
| 791 | CVE-2016-5964 | 284 | | | 2017-02-01 | 2017-02-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. |
| 792 | CVE-2016-5958 | 200 | | +Info | 2017-02-01 | 2017-02-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. |
| 793 | CVE-2016-5953 | 200 | | +Info | 2017-02-01 | 2017-02-15 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL. |
| 794 | CVE-2016-5952 | 89 | | Sql | 2017-02-01 | 2017-02-08 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. |
| 795 | CVE-2016-5951 | 79 | | XSS | 2017-02-01 | 2017-02-08 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| 796 | CVE-2016-5950 | 255 | | | 2017-02-01 | 2017-02-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Kenexa LCMS Premier on Cloud stores user credentials in clear text which can be read by an authenticated user. |
| 797 | CVE-2016-5949 | 254 | | | 2017-02-01 | 2017-02-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. |
| 798 | CVE-2016-5948 | 79 | | XSS | 2017-02-01 | 2017-02-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| 799 | CVE-2016-5942 | 79 | | XSS | 2017-02-01 | 2017-02-05 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| 800 | CVE-2016-5941 | 22 | | Dir. Trav. | 2017-02-01 | 2017-02-05 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. |
Total number of vulnerabilities: 1041 (page 16 of 21).