CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,271 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,547 researchers
110,849 results
CVE-2015-1928 6.8 MEDIUM EPSS 0.00
IBM Rational Quality Manager - Improper Input Validation
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
CWE-20 Jan 02, 2016
CVE-2015-7451 5.4 MEDIUM EPSS 0.00
IBM Maximo Asset Management <7.5.0.9 IF2, <7.5.1, <7.6.0.3 FP3 - XSS
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CWE-79 Jan 02, 2016
CVE-2015-7402 5.4 MEDIUM EPSS 0.00
IBM Curam Social Program Mgmt <6.1.1.1 - XSS
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CWE-79 Jan 02, 2016
CVE-2015-5020 4.3 MEDIUM EPSS 0.00
IBM InfoSphere BigInsights - Access Control
The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecified vectors.
CWE-264 Jan 02, 2016
CVE-2015-4996 5.1 MEDIUM EPSS 0.00
IBM Rational ClearQuest - Information Disclosure
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
CWE-200 Jan 02, 2016
CVE-2015-4990 4.0 MEDIUM EPSS 0.00
IBM Tealeaf Customer Experience < 8.6 - Information Disclosure
The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type.
CWE-200 Jan 02, 2016
CVE-2015-7456 6.5 MEDIUM EPSS 0.00
IBM Spectrum Scale <4.1.1.4, 4.2.0.0 - Info Disclosure
IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.
CWE-200 Jan 01, 2016
CVE-2015-7409 5.4 MEDIUM EPSS 0.00
IBM Security QRadar SIEM <7.2.6 - XSS
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field.
CWE-79 Jan 01, 2016
CVE-2015-7445 4.3 MEDIUM EPSS 0.00
IBM Multi-Enterprise Integration Gateway <1.0.0.1 & B2B Advanced Co...
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.
CWE-200 Jan 01, 2016
CVE-2015-7415 5.4 MEDIUM EPSS 0.00
IBM UrbanCode Deploy <6.0.1.12-6.2.0.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CWE-79 Jan 01, 2016
CVE-2015-5049 5.4 MEDIUM EPSS 0.00
IBM OpenPages GRC Platform - SQL Injection
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CWE-89 Jan 01, 2016
CVE-2015-4943 5.3 MEDIUM EPSS 0.01
IBM WebSphere MQ Light - Denial of Service
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942.
CWE-17 Jan 01, 2016
CVE-2015-4941 5.3 MEDIUM EPSS 0.01
IBM WebSphere MQ Light - Denial of Service
IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.
CWE-17 Jan 01, 2016
CVE-2015-7441 6.8 MEDIUM EPSS 0.00
IBM WebSphere Process Server <8.5.6 - Info Disclosure
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
CWE-17 Jan 01, 2016
CVE-2015-7447 5.3 MEDIUM EPSS 0.00
IBM WebSphere Portal - Auth Bypass
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors.
CWE-200 Dec 31, 2015
CVE-2015-7282 5.8 MEDIUM EPSS 0.00
ReadyNet Solutions WRT300N-DD Firmware - Improper Input Validation
ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port.
CWE-20 Dec 31, 2015
CVE-2015-7279 5.3 MEDIUM EPSS 0.01
Amped Wireless R10000 <2.5.2.11 - Info Disclosure
Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
Dec 31, 2015
CVE-2015-6017 6.1 MEDIUM EPSS 0.01
ZyXEL P-660HW-T1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.
CWE-79 Dec 31, 2015
CVE-2015-5994 6.8 MEDIUM EPSS 0.00
Mediabridge Medialink MWN-WAPR300N - Info Disclosure
The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session.
CWE-255 Dec 31, 2015
CVE-2015-2918 6.1 MEDIUM EPSS 0.01
OrientDB Server Community Edition <2.0.15 & <2.1.1 - XSS
The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
CWE-20 Dec 31, 2015