Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-26 CVE-2017-3768 Resource Exhaustion vulnerability in multiple products
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x).
network
low complexity
lenovo ibm CWE-400
7.5
2018-01-24 CVE-2017-1769 Cross-Site Request Forgery (CSRF) vulnerability in IBM Business Process Manager 8.6.0.0
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2018-01-12 CVE-2016-0335 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
network
low complexity
ibm CWE-352
8.8
2018-01-12 CVE-2016-0327 Permissions, Privileges, and Access Controls vulnerability in IBM Security Identity Manager Virtual Appliance
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors.
local
low complexity
ibm CWE-264
7.8
2018-01-12 CVE-2016-0324 Command Injection vulnerability in IBM Security Identity Manager Virtual Appliance
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors.
network
low complexity
ibm CWE-77
8.8
2018-01-09 CVE-2017-1671 Path Traversal vulnerability in IBM Security Key Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2018-01-09 CVE-2017-1666 XXE vulnerability in IBM Security Key Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.1
2018-01-09 CVE-2017-1612 Unspecified vulnerability in IBM WebSphere MQ
IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user.
local
low complexity
ibm
7.8
2018-01-04 CVE-2017-1672 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Key Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-12-20 CVE-2017-1757 SQL Injection vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8