Vulnerabilities > IBM > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-06-08 | CVE-2016-6093 | Credentials Management vulnerability in IBM products | IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
2017-06-07 | CVE-2017-1196 | Weak Password Requirements vulnerability in IBM BigFix Security Compliance Analytics 1.9.70 | IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
2017-06-07 | CVE-2016-6087 | Improper Input Validation vulnerability in IBM Domino | IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. | 9.8 |
2017-05-22 | CVE-2017-1092 | Unspecified vulnerability in IBM Informix Open Admin Tool 11.5/11.7/12.1 | IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. | 9.8 |
2017-03-31 | CVE-2016-6111 | XXE vulnerability in IBM Curam Social Program Management | IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 9.1 |
2017-03-11 | CVE-2017-5638 | Improper Handling of Exceptional Conditions vulnerability in multiple products | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | 9.8 |
2017-02-15 | CVE-2016-9706 | XXE vulnerability in IBM Integration Bus and WebSphere Message Broker | IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 9.1 |
2017-02-15 | CVE-2016-0360 | Deserialization of Untrusted Data vulnerability in IBM WebSphere MQ JMS | IBM WebSphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources, which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. | 9.8 |
2017-02-08 | CVE-2016-9005 | Improper Access Control vulnerability in IBM System Storage TS3100-TS3200 Tape Library D.60 | IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network to change a user's password and gain remote access to the system. | 9.8 |
2017-02-08 | CVE-2016-8954 | Use of Hard-coded Credentials vulnerability in IBM dashDB Local | IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. | 9.8 |