Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 126.96.36.199 iFix8, 6.0.4 before 188.8.131.52 iFix...
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 184.108.40.206, and 6.0.5 before 220.127.116.11 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 18.104.22.168 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 22.214.171.124 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.