Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-13 | CVE-2017-1714 | Unspecified vulnerability in IBM Client Application Access and Notes IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. | 7.2 |
2018-02-13 | CVE-2017-1711 | Untrusted Search Path vulnerability in IBM Client Application Access and Notes IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. | 6.8 |
2018-02-09 | CVE-2018-1401 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.5.0.0/9.0.0.0 IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 4.3 |
2018-02-09 | CVE-2018-1368 | Improper Privilege Management vulnerability in IBM Security Guardium Database Activity Monitor 9.0/9.1/9.5 IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not suppose to. | 3.6 |
2018-02-09 | CVE-2017-1761 | Cross-site Scripting vulnerability in IBM Websphere Portal IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 4.3 |
2018-02-08 | CVE-2012-3331 | Information Exposure vulnerability in IBM Sametime IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. | 5.0 |
2018-02-08 | CVE-2012-2166 | Use of Hard-coded Credentials vulnerability in IBM products IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. | 10.0 |
2018-02-08 | CVE-2011-4889 | 7PK - Security Features vulnerability in IBM Websphere Application Server The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. | 7.5 |
2018-02-07 | CVE-2018-1388 | Information Exposure vulnerability in IBM Websphere MQ GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. | 5.0 |
2018-02-07 | CVE-2018-1382 | Cross-site Scripting vulnerability in IBM API Connect IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. | 3.5 |