Vulnerabilities > IBM

DATE | CVE | VULNERABILITY TITLE | RISK

2018-03-29 | CVE-2015-4953 | Inadequate Encryption Strength vulnerability in IBM BigFix Remote Control 9.1.2 | 4.8 (network, high complexity, ibm, CWE-326)
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol.

2018-03-29 | CVE-2015-4952 | Unspecified vulnerability in IBM Endpoint Manager for Remote Control 9.0.1/9.1.0 | 8.8 (network, low complexity, ibm)
The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.

2018-03-29 | CVE-2015-2009 | Cross-Site Request Forgery (CSRF) vulnerability in IBM QRadar Security Information and Event Manager | 8.8 (network, low complexity, ibm, CWE-352)
Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin.

2018-03-27 | CVE-2015-5016 | Information Exposure vulnerability in IBM products | 4.3 (network, low complexity, ibm, CWE-200)
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors.

2018-03-27 | CVE-2015-4987 | Improper Authentication vulnerability in IBM Tealeaf Customer Experience | 6.5 (network, low complexity, ibm, CWE-287)
The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors.

2018-03-27 | CVE-2015-4954 | Improper Certificate Validation vulnerability in IBM BigFix Remote Control 9.1.2 | 5.9 (network, high complexity, ibm, CWE-295)
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors.

2018-03-26 | CVE-2015-7434 | Information Exposure vulnerability in IBM Capacity Management Analytics 2.1.0.0 | 7.8 (local, low complexity, ibm, CWE-200)
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and passwords by leveraging access to the CMA install machine.

2018-03-26 | CVE-2015-7433 | Information Exposure vulnerability in IBM Capacity Management Analytics 2.1.0.0 | 7.8 (local, low complexity, ibm, CWE-200)
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover cleartext usernames and passwords by leveraging access to the CMA install machine.

2018-03-26 | CVE-2015-7432 | Information Exposure vulnerability in IBM Capacity Management Analytics 2.1.0.0 | 7.8 (local, low complexity, ibm, CWE-200)
IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt.

2018-03-26 | CVE-2015-7424 | Information Exposure vulnerability in IBM InfoSphere Master Data Management | 4.3 (network, low complexity, ibm, CWE-200)
IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and 11.5 allows remote authenticated users to bypass intended access restrictions and obtain sensitive information by leveraging Catalogs access.