Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2018-10-11 CVE-2018-1724 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum LSF
IBM Spectrum LSF 9.1.1, 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings.
local
low complexity
ibm CWE-732
5.3
2018-10-11 CVE-2018-1708 Information Exposure vulnerability in IBM Platform Symphony and Spectrum Symphony
IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI.
network
low complexity
ibm CWE-200
6.5
2018-10-11 CVE-2018-1706 Cross-site Scripting vulnerability in IBM Spectrum Symphony 7.2.0.2
IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-10-10 CVE-2018-18202 Unspecified vulnerability in IBM products
The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password.
network
low complexity
ibm
critical
9.8
2018-10-08 CVE-2018-1753 Information Exposure vulnerability in IBM Security Key Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data.
network
low complexity
ibm CWE-200
4.3
2018-10-08 CVE-2018-1750 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Key Lifecycle Manager
IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
network
low complexity
ibm CWE-732
8.1
2018-10-08 CVE-2018-1749 Unspecified vulnerability in IBM Security Key Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity.
network
low complexity
ibm
6.5
2018-10-08 CVE-2018-1743 Information Exposure vulnerability in IBM Security Key Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-200
5.3
2018-10-08 CVE-2018-1742 Use of Hard-coded Credentials vulnerability in IBM Security Key Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
local
low complexity
ibm CWE-798
critical
9.3
2018-10-08 CVE-2018-1741 Unspecified vulnerability in IBM Security Key Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to cause a denial of service, compromise program logic or other consequences.
network
low complexity
ibm
6.5