Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-02 | CVE-2017-1383 | XXE vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2017-07-13 | CVE-2016-8964 | 7PK - Security Features vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2017-07-05 | CVE-2017-1253 | OS Command Injection vulnerability in IBM Security Guardium IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 9.9 |
| 2017-07-05 | CVE-2017-1175 | SQL Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. | 9.8 |
| 2017-07-05 | CVE-2017-1269 | SQL Injection vulnerability in IBM Security Guardium IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. | 9.8 |
| 2017-06-15 | CVE-2017-1197 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Bigfix Security Compliance Analytics 1.9.70 IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2017-06-08 | CVE-2016-6093 | Credentials Management vulnerability in IBM products IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
| 2017-06-07 | CVE-2017-1196 | Weak Password Requirements vulnerability in IBM Bigfix Security Compliance Analytics 1.9.70 IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
| 2017-06-07 | CVE-2016-6087 | Improper Input Validation vulnerability in IBM Domino IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. | 9.8 |
| 2017-05-22 | CVE-2017-1092 | Unspecified vulnerability in IBM Informix Open Admin Tool 11.5/11.7/12.1 IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. | 9.8 |