Security Vulnerabilities - CVEs Published In July 2016
IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.
CVSS Score
4.3
EPSS Score
0.002
Published
2016-07-02
The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
CVSS Score
9.8
EPSS Score
0.009
Published
2016-07-02
Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883.
CVSS Score
5.4
EPSS Score
0.002
Published
2016-07-02
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.
CVSS Score
8.0
EPSS Score
0.001
Published
2016-07-02
JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.011
Published
2016-07-01
The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.006
Published
2016-07-01
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors.
CVSS Score
5.9
EPSS Score
0.002
Published
2016-07-01
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters.
CVSS Score
4.3
EPSS Score
0.002
Published
2016-07-01
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy request to a web service.
CVSS Score
7.7
EPSS Score
0.001
Published
2016-07-01
Page 71