Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-26 | CVE-2017-1279 | Path Traversal vulnerability in IBM Tealeaf Customer Experience 8.7/8.8/9.0.2: IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. | 6.5 |
2018-01-26 | CVE-2017-1204 | Use of Hard-coded Credentials vulnerability in IBM Tealeaf Customer Experience 8.7/8.8/9.0.2: IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. | 9.8 |
2018-01-26 | CVE-2016-2983 | Improper Input Validation vulnerability in IBM Tealeaf Customer Experience 8.7/8.8/9.0.2: IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. | 8.1 |
2018-01-26 | CVE-2017-3768 | Resource Exhaustion vulnerability in multiple products: An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). | 7.5 |
2018-01-24 | CVE-2017-1769 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Business Process Manager 8.6.0.0: IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2018-01-19 | CVE-2018-1362 | Unspecified vulnerability in IBM Curam Social Program Management: IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other users' submitted applications from the system and possibly obtain privileges. | 5.0 |
2018-01-19 | CVE-2017-1693 | Insufficient Session Expiration vulnerability in IBM Integration Bus: IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another user's session during a small timeframe before the session times out. | 5.6 |
2018-01-16 | CVE-2016-0219 | XXE vulnerability in IBM products: XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. | 6.5 |
2018-01-16 | CVE-2016-0215 | Improper Input Validation vulnerability in IBM DB2: IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database. | 6.5 |
2018-01-16 | CVE-2016-0207 | Improper Input Validation vulnerability in IBM Algo Risk Application 4.9.1/5.0.0/5.1.0: IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | 5.4 |