Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-12 | CVE-2017-1452 | Unspecified vulnerability in IBM DB2 and DB2 Connect IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. | 7.8 |
| 2017-09-12 | CVE-2017-1451 | Unspecified vulnerability in IBM DB2 and DB2 Connect IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. | 7.8 |
| 2017-09-12 | CVE-2017-1162 | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. | 7.5 |
| 2017-09-07 | CVE-2014-9565 | Cross-Site Request Forgery (CSRF) vulnerability in IBM En6131 Firmware and Ib6131 Firmware Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. | 8.8 |
| 2017-09-05 | CVE-2017-1491 | Unspecified vulnerability in IBM Qradar Network Security 5.4 IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. | 7.5 |
| 2017-09-05 | CVE-2017-1458 | XXE vulnerability in IBM Qradar Network Security 5.4 IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2017-09-05 | CVE-2017-1097 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-08-30 | CVE-2017-1442 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Services Procurement IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-08-30 | CVE-2017-1440 | Code Injection vulnerability in IBM Emptoris Services Procurement IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. | 8.8 |
| 2017-08-29 | CVE-2016-2972 | Credentials Management vulnerability in IBM Sametime IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. | 7.8 |