Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-05 | CVE-2018-1454 | Cleartext Transmission of Sensitive Information vulnerability in IBM Infosphere Information Server 11.3/11.5/11.7 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2018-06-05 | CVE-2018-1432 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. | 6.1 |
| 2018-06-05 | CVE-2017-1350 | Unspecified vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. | 7.8 |
| 2018-06-05 | CVE-2018-1000181 | Information Exposure vulnerability in IBM Kitura Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure. | 7.5 |
| 2018-06-04 | CVE-2018-1600 | Cleartext Transmission of Sensitive Information vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. | 7.5 |
| 2018-06-04 | CVE-2017-1748 | Open Redirect vulnerability in IBM Connections 5.0.0.0/5.5.0.0/6.0 IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2018-05-31 | CVE-2018-1532 | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. | 4.3 |
| 2018-05-31 | CVE-2018-1496 | Cross-site Scripting vulnerability in IBM Content Navigator IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. | 5.4 |
| 2018-05-29 | CVE-2016-10577 | Cryptographic Issues vulnerability in IBM DB ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. | 8.1 |
| 2018-05-29 | CVE-2018-1495 | Improper Privilege Management vulnerability in IBM Flashsystem 840 Firmware and Flashsystem 900 Firmware IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. | 6.5 |