Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-20 | CVE-2014-6112 | Information Exposure vulnerability in IBM Security Identity Manager and Tivoli Identity Manager IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. | 4.3 |
| 2018-04-20 | CVE-2014-6111 | Credentials Management vulnerability in IBM Security Identity Manager and Tivoli Identity Manager IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. | 2.1 |
| 2018-04-20 | CVE-2014-6109 | Improper Access Control vulnerability in IBM Security Identity Manager and Tivoli Identity Manager IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. | 3.5 |
| 2018-04-20 | CVE-2014-6108 | Information Exposure vulnerability in IBM Security Identity Manager and Tivoli Identity Manager IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. | 4.3 |
| 2018-04-20 | CVE-2014-4782 | Information Exposure vulnerability in IBM Infosphere Biginsights 2.1.2 IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the Alert management service. | 4.0 |
| 2018-04-19 | CVE-2017-3774 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo Integrated Management Module 2 A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. | 7.5 |
| 2018-04-17 | CVE-2018-1445 | Cross-site Scripting vulnerability in IBM Websphere Portal IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. | 3.5 |
| 2018-04-17 | CVE-2018-1371 | Unspecified vulnerability in IBM Websphere MQ 8.0.0.8/9.0.0.2/9.0.4 An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. | 4.0 |
| 2018-04-16 | CVE-2015-1952 | Cross-site Scripting vulnerability in IBM Security Appscan Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2018-04-12 | CVE-2014-6169 | Cross-site Scripting vulnerability in IBM Forms Experience Builder 8.5/8.5.1 Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |