Vulnerabilities > IBM > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-13 | CVE-2018-1383 | Unspecified vulnerability in IBM AIX: A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system to obtain root access on another machine. | 9.1 |
2018-02-08 | CVE-2012-2166 | Use of Hard-coded Credentials vulnerability in IBM products: IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. | 9.8 |
2018-02-08 | CVE-2011-4889 | 7PK - Security Features vulnerability in IBM WebSphere Application Server: The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. | 9.8 |
2018-01-26 | CVE-2017-1204 | Use of Hard-coded Credentials vulnerability in IBM Tealeaf Customer Experience 8.7/8.8/9.0.2: IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. | 9.8 |
2018-01-12 | CVE-2016-0332 | 7PK - Security Features vulnerability in IBM Security Identity Manager Virtual Appliance: IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | 9.8 |
2018-01-09 | CVE-2017-1670 | SQL Injection vulnerability in IBM Security Key Lifecycle Manager: IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. | 9.8 |
2017-11-13 | CVE-2017-1710 | Unspecified vulnerability in IBM products: A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. | 9.8 |
2017-11-13 | CVE-2017-1221 | Weak Password Requirements vulnerability in IBM BigFix Platform 9.2/9.5: IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
2017-10-05 | CVE-2016-8937 | Improper Authentication vulnerability in IBM Tivoli Storage Manager: The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. | 9.8 |
2017-08-29 | CVE-2017-1376 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Operations Analytics Predictive Insights: A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. | 9.8 |