Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-26 | CVE-2018-1377 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2018-02-26 | CVE-2017-1774 | Information Exposure vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sensitive information to unauthorized users. | 5.3 |
| 2018-02-22 | CVE-2018-1417 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Java SDK Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. | 8.1 |
| 2018-02-22 | CVE-2018-1415 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 5.4 |
| 2018-02-22 | CVE-2018-1414 | SQL Injection vulnerability in IBM products IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. | 8.8 |
| 2018-02-22 | CVE-2018-1392 | Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.4.0/3.1.0.0 IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. | 3.1 |
| 2018-02-22 | CVE-2018-1391 | Unspecified vulnerability in IBM Financial Transaction Manager 3.0.4.0/3.1.0.0 IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. | 6.5 |
| 2018-02-21 | CVE-2017-1758 | XXE vulnerability in IBM products IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-02-21 | CVE-2017-1604 | Cross-site Scripting vulnerability in IBM Maximo Anywhere IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scripting. | 5.4 |
| 2018-02-21 | CVE-2017-1462 | Cross-site Scripting vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. | 5.4 |