Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-25 | CVE-2017-1555 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. | 4.3 |
| 2017-09-25 | CVE-2017-1551 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
| 2017-09-25 | CVE-2017-1424 | Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.7.0 IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. | 5.4 |
| 2017-09-25 | CVE-2017-1362 | Insufficiently Protected Credentials vulnerability in IBM Security Identity Manager 6.0/7.0 IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2017-09-25 | CVE-2017-1346 | Race Condition vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. | 2.5 |
| 2017-09-25 | CVE-2017-1235 | Unspecified vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. | 6.5 |
| 2017-09-20 | CVE-2015-0162 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Siteprotector System 3.0/3.1.0.0/3.1.1.0 IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. | 7.0 |
| 2017-09-19 | CVE-2014-6191 | Cross-site Scripting vulnerability in IBM Curam Social Program Management Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-09-18 | CVE-2014-6106 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. | 8.8 |
| 2017-09-15 | CVE-2015-0110 | Improper Access Control vulnerability in IBM products IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. | 6.5 |