Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-02 | CVE-2016-6095 | Improper Access Control vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2017-02-01 | CVE-2016-8938 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. | 10.0 |
| 2017-02-01 | CVE-2016-6090 | Unspecified vulnerability in IBM Websphere Commerce IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service. | 9.8 |
| 2017-02-01 | CVE-2016-6082 | Use After Free vulnerability in IBM Bigfix Platform IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. | 10.0 |
| 2017-02-01 | CVE-2016-5964 | Improper Access Control vulnerability in IBM Security Privileged Identity Manager 2.0.2 IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2017-02-01 | CVE-2016-2908 | XXE vulnerability in IBM products IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. | 9.1 |
| 2016-12-13 | CVE-2015-5073 | Information Exposure vulnerability in multiple products Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. | 9.1 |
| 2016-11-30 | CVE-2016-2944 | Improper Authentication vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | 9.8 |
| 2016-11-25 | CVE-2016-3028 | OS Command Injection vulnerability in IBM products IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access. | 9.1 |
| 2016-07-02 | CVE-2016-0391 | Improper Access Control vulnerability in IBM Watson Developer Cloud The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | 9.8 |