Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-29 | CVE-2018-1376 | Cross-site Scripting vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. | 6.1 |
| 2018-05-29 | CVE-2018-1375 | Session Fixation vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. | 7.5 |
| 2018-05-29 | CVE-2018-1370 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 5.4 |
| 2018-05-29 | CVE-2018-1369 | Information Exposure vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. | 3.7 |
| 2018-05-29 | CVE-2017-1768 | Information Exposure vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. | 4.3 |
| 2018-05-25 | CVE-2018-1565 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. | 7.8 |
| 2018-05-25 | CVE-2018-1544 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. | 7.8 |
| 2018-05-25 | CVE-2018-1515 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 10.5/11.1 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. | 7.0 |
| 2018-05-25 | CVE-2018-1488 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 10.5/11.1 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. | 7.8 |
| 2018-05-25 | CVE-2018-1467 | Information Exposure vulnerability in IBM Storwize Unified V7000 Software 1.6 The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. | 7.5 |