Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-27 | CVE-2018-1457 | Unspecified vulnerability in IBM Engineering Requirements Management Doors An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. | 9.8 |
| 2018-05-02 | CVE-2017-1601 | Weak Password Requirements vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
| 2018-04-27 | CVE-2018-1475 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2018-04-20 | CVE-2014-0931 | XXE vulnerability in IBM Rational Clearcase Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. | 9.1 |
| 2018-04-12 | CVE-2014-6120 | Command Injection vulnerability in IBM Rational Appscan Source and Security Appscan Source IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. | 9.8 |
| 2018-04-04 | CVE-2018-1469 | Unspecified vulnerability in IBM API Connect IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. | 9.8 |
| 2018-03-22 | CVE-2018-1426 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in IBM DB2 IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. | 9.1 |
| 2018-03-22 | CVE-2017-1789 | Code Injection vulnerability in IBM Tivoli Monitoring IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. | 9.8 |
| 2018-03-02 | CVE-2018-1373 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2018-02-27 | CVE-2018-1372 | Weak Password Requirements vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |