Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2018-09-25 CVE-2018-1560 Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-09-25 CVE-2018-1539 Improper Authentication vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended.
network
low complexity
ibm CWE-287
6.5
2018-09-21 CVE-2018-1711 Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks.
local
low complexity
ibm CWE-732
7.8
2018-09-21 CVE-2018-1710 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 10.1/10.5/11.1
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution.
local
low complexity
ibm CWE-119
7.8
2018-09-21 CVE-2018-1685 Information Exposure vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system.
local
low complexity
ibm CWE-200
5.5
2018-09-20 CVE-2018-1800 Information Exposure vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring.
local
high complexity
ibm CWE-200
4.7
2018-09-20 CVE-2018-1674 SQL Injection vulnerability in IBM products
IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2018-09-19 CVE-2018-1782 Unspecified vulnerability in IBM Spectrum Scale 5.0.1.0/5.0.1.1
IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system.
local
low complexity
ibm
6.5
2018-09-19 CVE-2017-1794 Resource Exhaustion vulnerability in IBM Tivoli Monitoring
IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth.
network
high complexity
ibm CWE-400
7.5
2018-09-14 CVE-2018-1791 Improper Input Validation vulnerability in IBM Connections 5.0/5.5/6.0
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property.
network
high complexity
ibm CWE-20
4.9