Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-07 | CVE-2017-1271 | Inadequate Encryption Strength vulnerability in IBM Security Guardium 9.0/9.1/9.5 IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. | 7.5 |
| 2017-11-13 | CVE-2017-1477 | XXE vulnerability in IBM Security Access Manager 9.0 Firmware 9.0.3.0 IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2017-11-13 | CVE-2017-1453 | OS Command Injection vulnerability in IBM Security Access Manager 9.0 Firmware 9.0.3.0 IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2017-11-01 | CVE-2017-1300 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages GRC Platform IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-10-24 | CVE-2017-1583 | Information Exposure vulnerability in IBM Liberty 3.13 IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13)could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. | 7.5 |
| 2017-10-24 | CVE-2017-1523 | Missing Authentication for Critical Function vulnerability in IBM Infosphere Master Data Management 11.5 IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. | 7.5 |
| 2017-10-24 | CVE-2017-1375 | Inadequate Encryption Strength vulnerability in IBM Storwize Unified V7000 Software 1.5/1.6 IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2017-10-24 | CVE-2017-1210 | Improper Input Validation vulnerability in IBM Daeja Viewone IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. | 7.5 |
| 2017-10-05 | CVE-2017-1378 | Insufficiently Protected Credentials vulnerability in IBM Tivoli Storage Manager IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. | 7.8 |
| 2017-10-05 | CVE-2017-1201 | Insufficiently Protected Credentials vulnerability in IBM Bigfix Security Compliance Analytics 1.9.79 IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. | 7.8 |