Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-20 CVE-2017-1746 Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-12-20 CVE-2017-1696 Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.3.0
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm CWE-20
8.8
2017-12-20 CVE-2017-1694 Cleartext Transmission of Sensitive Information vulnerability in IBM Integration BUS
IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques.
network
high complexity
ibm CWE-319
8.1
2017-12-20 CVE-2017-1631 Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-12-20 CVE-2017-1598 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2017-12-13 CVE-2017-1635 Use After Free vulnerability in IBM Tivoli Monitoring
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error.
low complexity
ibm CWE-416
8.0
2017-12-11 CVE-2017-1760 Unspecified vulnerability in IBM Websphere MQ
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information.
local
low complexity
ibm
7.1
2017-12-11 CVE-2017-1606 SQL Injection vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2017-12-07 CVE-2017-1356 SQL Injection vulnerability in IBM Atlas Ediscovery Process Management
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2017-12-07 CVE-2017-1271 Inadequate Encryption Strength vulnerability in IBM Security Guardium 9.0/9.1/9.5
IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.
network
low complexity
ibm CWE-326
7.5