Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-09 | CVE-2017-1670 | SQL Injection vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. | 9.8 |
| 2018-01-09 | CVE-2017-1668 | Open Redirect vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2018-01-09 | CVE-2017-1666 | XXE vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2018-01-09 | CVE-2017-1612 | Unspecified vulnerability in IBM Websphere MQ IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. | 7.8 |
| 2018-01-09 | CVE-2017-1493 | Improper Privilege Management vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. | 5.4 |
| 2018-01-04 | CVE-2017-1727 | Information Exposure Through Log Files vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. | 4.3 |
| 2018-01-04 | CVE-2017-1699 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Websphere MQ IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. | 3.3 |
| 2018-01-04 | CVE-2017-1673 | Cross-site Scripting vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. | 6.1 |
| 2018-01-04 | CVE-2017-1672 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2018-01-04 | CVE-2017-1669 | Information Exposure vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. | 3.7 |