Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2019 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
|
IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265.
|
|||||
| CVE-2018-2015 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.3 MEDIUM | 6.4 MEDIUM |
|
IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 155195.
|
|||||
| CVE-2018-2013 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193.
|
|||||
| CVE-2018-2011 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150.
|
|||||
| CVE-2018-2009 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.
|
|||||
| CVE-2018-2008 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146.
|
|||||
| CVE-2018-2007 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
|
IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078.
|
|||||
| CVE-2018-2006 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID: 155008.
|
|||||
| CVE-2018-2005 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007
|
|||||
| CVE-2018-2004 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155006.
|
|||||
| CVE-2018-2001 | 1 Ibm | 1 Curam Social Program Management | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
|
IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891.
|
|||||
| CVE-2018-2000 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
|
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890.
|
|||||
| CVE-2018-20733 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.
|
|||||
| CVE-2018-20732 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
|
|||||
| CVE-2018-1999 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889.
|
|||||
| CVE-2018-1998 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
|
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.
|
|||||
| CVE-2018-1997 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774.
|
|||||
| CVE-2018-1996 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650.
|
|||||
| CVE-2018-1994 | 1 Ibm | 2 Infosphere Information Server On Cloud, Infosphere Metadata Asset Manager | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
|
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.
|
|||||
| CVE-2018-1993 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.
|
|||||
| CVE-2018-1992 | 1 Ibm | 22 Power System Ac922 \(8335-gtg\), Power System Ac922 \(8335-gtg\) Firmware, Power System Ac922 \(8335-gth\) and 19 more | 2024-11-21 | 6.9 MEDIUM | 6.4 MEDIUM |
|
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite i ...
Show More |
|||||
| CVE-2018-1991 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.
|
|||||
| CVE-2018-1990 | 1 Ibm | 1 Cloud App Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could allow an attacker to obtain sensitive configuration information using a specially crafted HTTP request. IBM X-Force ID: 154283.
|
|||||
| CVE-2018-1987 | 1 Ibm | 1 Data Protection | 2024-11-21 | 1.9 LOW | 7.8 HIGH |
|
IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280.
|
|||||
| CVE-2018-1985 | 2 Apple, Ibm | 2 Macos, Security Rapport | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
|
IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207.
|
|||||
| CVE-2018-1984 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154137.
|
|||||
| CVE-2018-1983 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136.
|
|||||
| CVE-2018-1982 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154135.
|
|||||
| CVE-2018-1980 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078.
|
|||||
| CVE-2018-1978 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154069.
|
|||||
| CVE-2018-1977 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
|
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032.
|
|||||
| CVE-2018-1976 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.
|
|||||
| CVE-2018-1975 | 1 Ibm | 1 Rational Doors Web Access | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9.6.1.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153916.
|
|||||
| CVE-2018-1974 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
|
IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.
|
|||||
| CVE-2018-1973 | 1 Ibm | 1 Api Connect | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914.
|
|||||
| CVE-2018-1970 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
|
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.
|
|||||
| CVE-2018-1969 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 6.5 MEDIUM | 9.0 CRITICAL |
|
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.
|
|||||
| CVE-2018-1968 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153749.
|
|||||
| CVE-2018-1967 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748.
|
|||||
| CVE-2018-1962 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.
|
|||||