Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-18 | CVE-2014-6106 | **Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager.** Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. | 8.8 |
2017-09-12 | CVE-2017-1452 | **Unspecified vulnerability in IBM DB2 and DB2 Connect.** IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. | 7.8 |
2017-09-12 | CVE-2017-1451 | **Unspecified vulnerability in IBM DB2 and DB2 Connect.** IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. | 7.8 |
2017-09-12 | CVE-2017-1162 | **Information Exposure vulnerability in IBM QRadar Security Information and Event Manager.** IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. | 7.5 |
2017-09-07 | CVE-2014-9565 | **Cross-Site Request Forgery (CSRF) vulnerability in IBM EN6131 Firmware and IB6131 Firmware.** Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. | 8.8 |
2017-09-05 | CVE-2017-1491 | **Unspecified vulnerability in IBM QRadar Network Security 5.4.** IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. | 7.5 |
2017-09-05 | CVE-2017-1458 | **XXE vulnerability in IBM QRadar Network Security 5.4.** IBM QRadar Network Security 5.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
2017-09-05 | CVE-2017-1097 | **Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Strategic Supply Management.** IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-08-30 | CVE-2017-1442 | **Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Services Procurement.** IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-08-30 | CVE-2017-1440 | **Code Injection vulnerability in IBM Emptoris Services Procurement.** IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. | 8.8 |