Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-11-30 CVE-2016-2944 Improper Authentication vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
network
low complexity
ibm CWE-287
critical
9.8
2016-11-25 CVE-2016-3028 OS Command Injection vulnerability in IBM products
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
network
low complexity
ibm CWE-78
critical
9.1
2016-07-02 CVE-2016-0391 Improper Access Control vulnerability in IBM Watson Developer Cloud
The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
network
low complexity
ibm CWE-284
critical
9.8
2016-06-28 CVE-2016-0224 SQL Injection vulnerability in IBM Marketing Platform
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
critical
9.8
2016-06-06 CVE-2015-5041 Information Exposure vulnerability in multiple products
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
network
low complexity
ibm suse redhat CWE-200
critical
9.1
2016-04-05 CVE-2015-8522 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8521.
network
low complexity
ibm CWE-119
critical
9.8
2016-04-05 CVE-2015-8521 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522.
network
low complexity
ibm CWE-119
critical
9.8
2016-04-05 CVE-2015-8520 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522.
network
low complexity
ibm CWE-119
critical
9.8
2016-04-05 CVE-2015-8519 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8520, CVE-2015-8521, and CVE-2015-8522.
network
low complexity
ibm CWE-119
critical
9.8
2016-03-12 CVE-2015-7411 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Monitoring
The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.
network
low complexity
ibm CWE-264
critical
9.9