CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,325 CVEs tracked; 53,302 with exploits; 4,731 exploited in wild; 1,542 CISA KEV; 3,931 Nuclei templates; 48,916 vendors; 42,598 researchers

110,849 results
CVE-2016-6840 6.1 MEDIUM EPSS 0.00
Huawei OceanStor ISM - XSS
Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors.
CWE-79 Sep 26, 2016
CVE-2016-5395 4.8 MEDIUM EPSS 0.00
Apache Ranger < 0.5.0 - XSS
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.
CWE-79 Sep 26, 2016
CVE-2016-4993 6.1 MEDIUM EPSS 0.01
WildFly <7.0.2 - CRLF Injection
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CWE-113 Sep 26, 2016
CVE-2016-5997 6.5 MEDIUM EPSS 0.00
IBM Tealeaf Customer Experience <9.0.1-9.0.2 - Info Disclosure
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack.
CWE-640 Sep 26, 2016
CVE-2016-5978 5.4 MEDIUM EPSS 0.00
IBM Tealeaf Customer Experience <9.0.1.1117 - XSS
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975.
CWE-79 Sep 26, 2016
CVE-2016-5977 6.8 MEDIUM EPSS 0.00
IBM Tealeaf Customer Experience <9.0.1.1117 FP5-9.0.2.5224_9.0.2A F...
Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CWE-601 Sep 26, 2016
CVE-2016-5976 4.9 MEDIUM EPSS 0.00
IBM Tealeaf Customer Experience <9.0.1-9.0.2 - Info Disclosure
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors.
CWE-200 Sep 26, 2016
CVE-2016-5975 5.4 MEDIUM EPSS 0.00
IBM Tealeaf Customer Experience <9.0.1.1117 - XSS
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5978.
CWE-79 Sep 26, 2016
CVE-2016-5974 5.4 MEDIUM EPSS 0.00
IBM Security Privileged Identity Manager <2.0.2 FP8 - XSS
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.
CWE-79 Sep 26, 2016
CVE-2016-5972 6.8 MEDIUM EPSS 0.00
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance ...
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
CWE-284 Sep 26, 2016
CVE-2016-5970 6.5 MEDIUM EPSS 0.00
IBM Security Privileged Identity Manager <2.0.2 FP8 - Path Traversal
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
CWE-22 Sep 26, 2016
CVE-2016-5947 5.7 MEDIUM EPSS 0.00
IBM Spectrum Control <5.2.11 - CSRF
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
CWE-20 Sep 26, 2016
CVE-2016-5946 6.5 MEDIUM EPSS 0.00
IBM Spectrum Control <5.2.11 - Path Traversal
Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
CWE-200 Sep 26, 2016
CVE-2016-5945 4.3 MEDIUM EPSS 0.00
IBM Spectrum Control <5.2.11 - File Upload
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request.
CWE-284 Sep 26, 2016
CVE-2016-5944 5.4 MEDIUM EPSS 0.00
IBM Spectrum Control <5.2.11 - XSS
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.
CWE-79 Sep 26, 2016
CVE-2016-5943 5.4 MEDIUM EPSS 0.00
IBM Spectrum Control <5.2.11 - Auth Bypass
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors.
CWE-284 Sep 26, 2016
CVE-2016-3040 6.8 MEDIUM EPSS 0.00
IBM Security Privileged Identity Mana... - Open Redirect
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CWE-601 Sep 26, 2016
CVE-2016-3006 5.4 MEDIUM EPSS 0.00
IBM Connections - XSS
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003.
CWE-79 Sep 26, 2016
CVE-2016-3003 5.4 MEDIUM EPSS 0.00
IBM Connections - XSS
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3006.
CWE-79 Sep 26, 2016
CVE-2016-3001 5.4 MEDIUM EPSS 0.00
IBM Connections - XSS
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3003 and CVE-2016-3006.
CWE-79 Sep 26, 2016