Vulnerabilities > IBM > High

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-10-03 | CVE-2017-1569 | Unspecified vulnerability in IBM Websphere Commerce | IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpots that could cause a denial of service. | network | low | ibm | | 7.5 |
| 2017-10-03 | CVE-2017-1311 | SQL Injection vulnerability in IBM Insights Foundation for Energy 2.0 | IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. | network | low | ibm | CWE-89 | 8.8 |
| 2017-09-28 | CVE-2017-1577 | Path Traversal vulnerability in IBM Websphere Portal | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. | network | low | ibm | CWE-22 | 7.5 |
| 2017-09-28 | CVE-2017-1483 | Missing Authentication for Critical Function vulnerability in IBM products | IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality, allowing anonymous users access to protected areas. | network | low | ibm | CWE-306 | 8.6 |
| 2017-09-28 | CVE-2017-1407 | Command Injection vulnerability in IBM products | IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. | network | low | ibm | CWE-77 | 8.8 |
| 2017-09-26 | CVE-2017-1539 | Unspecified vulnerability in IBM Business Process Manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. | network | low | ibm | | 8.8 |
| 2017-09-26 | CVE-2017-1527 | XXE vulnerability in IBM Business Process Manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low | ibm | CWE-611 | 8.1 |
| 2017-09-25 | CVE-2017-1362 | Insufficiently Protected Credentials vulnerability in IBM Security Identity Manager 6.0/7.0 | IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in clear text which can be read by a local user. | local | low | ibm | CWE-522 | 7.8 |
| 2017-09-20 | CVE-2015-0162 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Siteprotector System 3.0/3.1.0.0/3.1.1.0 | IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. | local | high | ibm | CWE-264 | 7.0 |
| 2017-09-18 | CVE-2014-6106 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. | network | low | ibm | CWE-352 | 8.8 |