Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-14 | CVE-2017-1469 | Code Injection vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. | 7.8 |
| 2017-08-14 | CVE-2017-1190 | Unspecified vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. | 6.4 |
| 2017-08-14 | CVE-2016-6029 | Information Exposure vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2017-08-14 | CVE-2016-6021 | Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. | 5.4 |
| 2017-08-10 | CVE-2017-1431 | Cross-site Scripting vulnerability in IBM Infosphere Streams IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. | 5.4 |
| 2017-08-10 | CVE-2017-1377 | Information Exposure vulnerability in IBM Runbook Automation IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. | 4.3 |
| 2017-08-10 | CVE-2017-1192 | XXE vulnerability in IBM Sterling B2B Integrator 5.2 IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2017-08-10 | CVE-2017-1174 | SQL Injection vulnerability in IBM Sterling B2B Integrator 5.2 IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. | 8.8 |
| 2017-08-10 | CVE-2017-1168 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-08-09 | CVE-2017-3752 | Improper Input Validation vulnerability in multiple products An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. | 8.2 |