Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-07 | CVE-2018-1366 | Unspecified vulnerability in IBM Content Navigator IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. network ibm | 6.8 |
2018-02-07 | CVE-2017-1785 | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. | 4.0 |
2018-02-07 | CVE-2017-1692 | Unspecified vulnerability in IBM AIX IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | 7.2 |
2018-02-02 | CVE-2016-0342 | Improper Access Control vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. | 5.5 |
2018-02-02 | CVE-2016-0329 | Open Redirect vulnerability in IBM Emptoris Sourcing Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 4.9 |
2018-02-02 | CVE-2016-0312 | Information Exposure vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. | 5.0 |
2018-02-02 | CVE-2016-0311 | Cross-site Scripting vulnerability in IBM Tivoli Business Service Manager 6.1.0/6.1.1 Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2018-02-02 | CVE-2016-0303 | Cross-site Scripting vulnerability in IBM Tivoli Integrated Portal Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2018-02-02 | CVE-2016-0300 | Improper Input Validation vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. | 5.5 |
2018-01-31 | CVE-2017-1773 | Insufficient Verification of Data Authenticity vulnerability in IBM Datapower Gateway IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. | 4.3 |