Filtered by vendor Ibm
Subscribe
Total
7377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1947 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153427. | |||||
| CVE-2018-1946 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388. | |||||
| CVE-2018-1945 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 153387. | |||||
| CVE-2018-1944 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 7.5 HIGH | 5.1 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153386. | |||||
| CVE-2018-1943 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385. | |||||
| CVE-2018-1941 | 1 Ibm | 1 Campaign | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
| IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382. | |||||
| CVE-2018-1939 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 5.8 MEDIUM | 6.8 MEDIUM |
| IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319. | |||||
| CVE-2018-1938 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318. | |||||
| CVE-2018-1937 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317. | |||||
| CVE-2018-1936 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316. | |||||
| CVE-2018-1935 | 1 Ibm | 1 Connections | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315. | |||||
| CVE-2018-1934 | 1 Ibm | 1 Cognos Business Intelligence | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179. | |||||
| CVE-2018-1933 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153177. | |||||
| CVE-2018-1932 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175. | |||||
| CVE-2018-1929 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120. | |||||
| CVE-2018-1928 | 1 Ibm | 1 Storediq | 2024-11-21 | 2.1 LOW | 6.7 MEDIUM |
| IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119. | |||||
| CVE-2018-1927 | 1 Ibm | 1 Storediq | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118. | |||||
| CVE-2018-1926 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992. | |||||
| CVE-2018-1925 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925. | |||||
| CVE-2018-1923 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859. | |||||