Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-11 | CVE-2013-2972 | Improper Access Control vulnerability in IBM Websphere Cast Iron Cloud Integration 6.0.0.0/6.1.0.0/6.3.0.0 IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. | 7.5 |
| 2018-07-11 | CVE-2013-2951 | Credentials Management vulnerability in IBM Websphere Portal IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. | 7.8 |
| 2018-07-11 | CVE-2013-0594 | Open Redirect vulnerability in IBM Inotes Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.1 |
| 2018-07-11 | CVE-2013-0592 | Cross-site Scripting vulnerability in IBM Inotes Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-07-11 | CVE-2013-0589 | Information Exposure vulnerability in IBM Inotes IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. | 7.5 |
| 2018-07-10 | CVE-2018-1566 | Use of Externally-Controlled Format String vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. | 7.8 |
| 2018-07-10 | CVE-2018-1549 | Injection vulnerability in IBM Rational Quality Manager IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. | 5.4 |
| 2018-07-10 | CVE-2018-1523 | Cross-site Scripting vulnerability in IBM Rational Quality Manager IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 5.4 |
| 2018-07-10 | CVE-2018-1492 | Session Fixation vulnerability in IBM products IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. | 6.8 |
| 2018-07-10 | CVE-2018-1487 | Untrusted Search Path vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. | 7.8 |