Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-28 CVE-2015-0114 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I Access for Windows 5.4/6.1/7.1
Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1.
local
low complexity
ibm CWE-119
7.8
2017-08-28 CVE-2014-8900 Cross-Site Request Forgery (CSRF) vulnerability in IBM Urbancode Deploy
Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier.
network
low complexity
ibm CWE-352
8.8
2017-08-14 CVE-2017-1469 Code Injection vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories.
local
low complexity
ibm CWE-94
7.8
2017-08-10 CVE-2017-1192 XXE vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2017-08-10 CVE-2017-1174 SQL Injection vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2017-08-09 CVE-2017-3752 Improper Input Validation vulnerability in multiple products
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches.
high complexity
ibm lenovo CWE-20
8.2
2017-08-02 CVE-2014-8903 Command Injection vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors.
network
low complexity
ibm CWE-77
8.8
2017-08-02 CVE-2017-1468 Unspecified vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories.
local
low complexity
ibm
7.8
2017-08-02 CVE-2017-1467 Unspecified vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1
A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access.
network
high complexity
ibm
8.1
2017-08-02 CVE-2017-1118 Unspecified vulnerability in IBM Websphere MQ Internet Pass-Thru 2.0/2.1
IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker to cause the MQIPT to stop responding due to an incorrectly configured security policy.
network
low complexity
ibm
7.5