Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2017-11-13 CVE-2017-1477 XXE vulnerability in IBM Security Access Manager 9.0 Firmware 9.0.3.0
IBM Security Access Manager Appliance 9.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-11-13 CVE-2017-1453 OS Command Injection vulnerability in IBM Security Access Manager 9.0 Firmware 9.0.3.0
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm CWE-78
8.8
2017-11-01 CVE-2017-1300 Cross-Site Request Forgery (CSRF) vulnerability in IBM OpenPages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-10-24 CVE-2017-1583 Information Exposure vulnerability in IBM Liberty 3.13
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13) could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF.
network
low complexity
ibm CWE-200
7.5
2017-10-24 CVE-2017-1523 Missing Authentication for Critical Function vulnerability in IBM InfoSphere Master Data Management 11.5
IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication.
network
low complexity
ibm CWE-306
7.5
2017-10-24 CVE-2017-1375 Inadequate Encryption Strength vulnerability in IBM Storwize Unified V7000 Software 1.5/1.6
IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2017-10-24 CVE-2017-1210 Improper Input Validation vulnerability in IBM Daeja ViewONE
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate.
network
low complexity
ibm CWE-20
7.5
2017-10-05 CVE-2017-1378 Insufficiently Protected Credentials vulnerability in IBM Tivoli Storage Manager
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to VMware vCenter in the application trace output which could be obtained by a local user.
local
low complexity
ibm CWE-522
7.8
2017-10-05 CVE-2017-1201 Insufficiently Protected Credentials vulnerability in IBM BigFix Security Compliance Analytics 1.9.79
IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user.
local
low complexity
ibm CWE-522
7.8
2017-10-04 CVE-2017-1541 Improper Input Validation vulnerability in IBM AIX
A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly.
network
low complexity
ibm CWE-20
7.3