Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-19 | CVE-2014-6191 | Cross-site Scripting vulnerability in IBM Curam Social Program Management Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-09-18 | CVE-2014-6106 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. | 8.8 |
| 2017-09-15 | CVE-2015-0110 | Improper Access Control vulnerability in IBM products IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. | 6.5 |
| 2017-09-14 | CVE-2017-1490 | Information Exposure vulnerability in IBM Jazz Reporting Service An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. | 5.3 |
| 2017-09-13 | CVE-2017-1556 | Improper Input Validation vulnerability in IBM API Connect 5.0.7.0/5.0.7.1/5.0.7.2 IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. | 6.5 |
| 2017-09-13 | CVE-2017-1508 | Unspecified vulnerability in IBM Informix Dynamic Server 12.10 IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. | 6.7 |
| 2017-09-12 | CVE-2017-1520 | Improper Authentication vulnerability in IBM DB2 and DB2 Connect IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. | 3.7 |
| 2017-09-12 | CVE-2017-1519 | Improper Input Validation vulnerability in IBM DB2 and DB2 Connect IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. | 5.9 |
| 2017-09-12 | CVE-2017-1452 | Unspecified vulnerability in IBM DB2 and DB2 Connect IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. | 7.8 |
| 2017-09-12 | CVE-2017-1451 | Unspecified vulnerability in IBM DB2 and DB2 Connect IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. | 7.8 |