Vulnerabilities > IBM > Integration BUS > 9.0.0.9

DATE CVE VULNERABILITY TITLE RISK
2019-02-04 CVE-2018-1801 XXE vulnerability in IBM products
IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
5.3
5.3
2018-11-26 CVE-2017-1418 Permission Issues vulnerability in IBM Integration BUS and Websphere Message Broker
IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files.
local
low complexity
ibm CWE-275
5.5
5.5
2017-12-20 CVE-2017-1694 Cleartext Transmission of Sensitive Information vulnerability in IBM Integration BUS
IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques.
network
high complexity
ibm CWE-319
8.1
8.1