Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-24 | CVE-2018-1699 | SQL Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. | 8.8 |
| 2018-08-22 | CVE-2018-1599 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. | 5.4 |
| 2018-08-20 | CVE-2018-1656 | Path Traversal vulnerability in multiple products The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. | 6.5 |
| 2018-08-20 | CVE-2018-1517 | Improper Input Validation vulnerability in multiple products A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. | 7.5 |
| 2018-08-20 | CVE-2018-1394 | Cross-site Scripting vulnerability in IBM products Multiple IBM Rational products are vulnerable to cross-site scripting. | 5.4 |
| 2018-08-20 | CVE-2017-1753 | Code Injection vulnerability in IBM products Multiple IBM Rational products are vulnerable to HTML injection. | 5.4 |
| 2018-08-17 | CVE-2017-1732 | Information Exposure vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. | 5.3 |
| 2018-08-16 | CVE-2018-1712 | Cross-Site Request Forgery (CSRF) vulnerability in IBM API Connect IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. | 9.9 |
| 2018-08-16 | CVE-2018-1715 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. | 5.4 |
| 2018-08-15 | CVE-2018-1455 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Application Dependency Discovery Manager 7.2.2/7.3.0 IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |