2016 VULNERABILITY DATABASE

 

 

 

CVE-2016-2868

Summary: IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Published: 7/2/2016 10:59:12 AM

 

CVSS Severity: v3 - 2.7 LOW      v2 - 4.0 MEDIUM

 

CVE-2016-2867

Summary: IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.

Published: 7/2/2016 10:59:11 AM

 

CVSS Severity: v3 - 7.0 HIGH      v2 - 6.9 MEDIUM

 

CVE-2016-2861

Summary: IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Published: 7/2/2016 10:59:10 AM

 

CVSS Severity: v3 - 3.7 LOW      v2 - 4.3 MEDIUM

 

CVE-2016-1440

Summary: The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468.

Published: 7/2/2016 10:59:09 AM

 

CVSS Severity: v3 - 5.3 MEDIUM      v2 - 5.0 MEDIUM

 

CVE-2016-1416

Summary: Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513.

Published: 7/2/2016 10:59:08 AM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

 

CVE-2016-1408

Summary: Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.

Published: 7/2/2016 10:59:07 AM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 6.5 MEDIUM

 

CVE-2016-1289

Summary: The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.

Published: 7/2/2016 10:59:06 AM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

 

CVE-2016-0400

Summary: CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

Published: 7/2/2016 10:59:05 AM

 

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-0399

Summary: Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Published: 7/2/2016 10:59:04 AM

 

CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

 

CVE-2016-0398

Summary: IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.

Published: 7/2/2016 10:59:03 AM

 

CVSS Severity: v3 - 4.3 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-0391

Summary: The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Published: 7/2/2016 10:59:02 AM

 

CVE-2016-0387

Summary: Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Published: 7/2/2016 10:59:01 AM

 

CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

 

CVE-2016-0386

Summary: Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.

Published: 7/2/2016 10:59:00 AM

 

CVSS Severity: v3 - 8.0 HIGH      v2 - 6.0 MEDIUM

 

CVE-2016-0375

Summary: JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors.

Published: 6/30/2016 9:59:04 PM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.0 HIGH

 

CVE-2016-0374

Summary: The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.

Published: 6/30/2016 9:59:03 PM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 6.5 MEDIUM

 

CVE-2016-0365

Summary: IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors.

Published: 6/30/2016 9:59:02 PM

 

CVSS Severity: v3 - 5.9 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-0364

Summary: IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters.

Published: 6/30/2016 9:59:01 PM

 

CVSS Severity: v3 - 4.3 MEDIUM      v2 - 4.0 MEDIUM

 

CVE-2016-0362

Summary: IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy request to a web service.

Published: 6/30/2016 9:59:00 PM

 

CVSS Severity: v3 - 7.7 HIGH      v2 - 4.0 MEDIUM

 

CVE-2016-5307

Summary: Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors.

Published: 6/30/2016 7:59:18 PM

 

CVSS Severity: v3 - 4.3 MEDIUM      v2 - 4.0 MEDIUM

 

CVE-2016-5306

Summary: Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445.

Published: 6/30/2016 7:59:17 PM

 

CVSS Severity: v3 - 5.3 MEDIUM      v2 - 5.0 MEDIUM

 

 

<<< New  Older >>>