Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2017-09-26 CVE-2017-1530 Cross-site Scripting vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-09-26 CVE-2017-1527 XXE vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.1
8.1
2017-09-26 CVE-2017-1425 Cross-site Scripting vulnerability in IBM Business Process Manager 8.0.1.1/8.5.7.0
IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-09-25 CVE-2017-1555 Improper Input Validation vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan.
network
low complexity
ibm CWE-20
4.3
4.3
2017-09-25 CVE-2017-1551 Improper Input Validation vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-20
6.1
6.1
2017-09-25 CVE-2017-1424 Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.7.0
IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-09-25 CVE-2017-1362 Insufficiently Protected Credentials vulnerability in IBM Security Identity Manager 6.0/7.0
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-522
7.8
7.8
2017-09-25 CVE-2017-1346 Race Condition vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan.
local
high complexity
ibm CWE-362
2.5
2.5
2017-09-25 CVE-2017-1235 Unspecified vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service.
network
low complexity
ibm
6.5
6.5
2017-09-20 CVE-2015-0162 Permissions, Privileges, and Access Controls vulnerability in IBM Security Siteprotector System 3.0/3.1.0.0/3.1.1.0
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
local
high complexity
ibm CWE-264
7.0
7.0