Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-11-16 | CVE-2018-1639 | Information Exposure vulnerability in IBM Jazz Reporting Service | The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. | 6.5 |
2018-11-16 | CVE-2018-9085 | Incorrect Default Permissions vulnerability in multiple products | A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors. | 4.9 |
2018-11-15 | CVE-2018-1643 | Cross-site Scripting vulnerability in IBM Websphere Application Server | The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 6.1 |
2018-11-13 | CVE-2018-1808 | Code Injection vulnerability in IBM Websphere Commerce | IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. | 8.8 |
2018-11-13 | CVE-2018-1792 | Code Injection vulnerability in IBM Websphere MQ | IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. | 7.8 |
2018-11-12 | CVE-2018-1884 | Path Traversal vulnerability in IBM Case Manager | IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. | 7.8 |
2018-11-12 | CVE-2018-1798 | Cross-site Scripting vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 6.1 |
2018-11-12 | CVE-2018-1786 | Resource Exhaustion vulnerability in IBM products | IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. | 7.5 |
2018-11-09 | CVE-2018-1872 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 5.4 |
2018-11-09 | CVE-2018-1857 | Information Exposure vulnerability in IBM DB2 11.1 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. | 6.5 |