Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-20 | CVE-2017-1757 | SQL Injection vulnerability in IBM Security Guardium IBM Security Guardium 10.0 is vulnerable to SQL injection. | 8.8 |
| 2017-12-20 | CVE-2017-1746 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3 IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-12-20 | CVE-2017-1696 | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.3.0 IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2017-12-20 | CVE-2017-1694 | Cleartext Transmission of Sensitive Information vulnerability in IBM Integration BUS IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. | 8.1 |
| 2017-12-20 | CVE-2017-1631 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3 IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-12-20 | CVE-2017-1598 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2017-12-13 | CVE-2017-1635 | Use After Free vulnerability in IBM Tivoli Monitoring IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. | 8.0 |
| 2017-12-11 | CVE-2017-1760 | Unspecified vulnerability in IBM Websphere MQ IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. | 7.1 |
| 2017-12-11 | CVE-2017-1606 | SQL Injection vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. | 8.8 |
| 2017-12-07 | CVE-2017-1356 | SQL Injection vulnerability in IBM Atlas Ediscovery Process Management IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. | 8.8 |