Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2018-02-13 CVE-2017-1714 Unspecified vulnerability in IBM Client Application Access and Notes
IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege.
local
low complexity
ibm
7.2
2018-02-13 CVE-2017-1711 Untrusted Search Path vulnerability in IBM Client Application Access and Notes
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory.
network
ibm CWE-426
6.8
2018-02-09 CVE-2018-1401 Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.5.0.0/9.0.0.0
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2018-02-09 CVE-2018-1368 Improper Privilege Management vulnerability in IBM Security Guardium Database Activity Monitor 9.0/9.1/9.5
IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not suppose to.
local
low complexity
ibm CWE-269
3.6
2018-02-09 CVE-2017-1761 Cross-site Scripting vulnerability in IBM Websphere Portal
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2018-02-08 CVE-2012-3331 Information Exposure vulnerability in IBM Sametime
IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF.
network
low complexity
ibm CWE-200
5.0
2018-02-08 CVE-2012-2166 Use of Hard-coded Credentials vulnerability in IBM products
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors.
network
low complexity
ibm CWE-798
critical
10.0
2018-02-08 CVE-2011-4889 7PK - Security Features vulnerability in IBM Websphere Application Server
The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password.
network
low complexity
ibm CWE-254
7.5
2018-02-07 CVE-2018-1388 Information Exposure vulnerability in IBM Websphere MQ
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding.
network
low complexity
ibm CWE-200
5.0
2018-02-07 CVE-2018-1382 Cross-site Scripting vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5