Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-19 CVE-2017-1224 Inadequate Encryption Strength vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2017-07-19 CVE-2017-1218 Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-07-18 CVE-2017-1318 OS Command Injection vulnerability in IBM MQ Appliance
IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution.
network
low complexity
ibm CWE-78
8.8
2017-07-17 CVE-2017-1183 SQL Injection vulnerability in IBM Tivoli Monitoring 6.2.2.9/6.2.3.5/6.3.0.7
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used.
high complexity
ibm CWE-89
7.5
2017-07-17 CVE-2017-1182 Unspecified vulnerability in IBM Tivoli Monitoring 6.2.2.9/6.2.3.5/6.3.0.7
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used.
high complexity
ibm
7.5
2017-07-17 CVE-2017-1181 Cleartext Transmission of Sensitive Information vulnerability in IBM Tivoli Monitoring 6.2.2.9/6.2.3.5/6.3.0.7
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted.
local
high complexity
ibm CWE-319
7.0
2017-07-13 CVE-2016-8951 Improper Authentication vulnerability in IBM Emptoris Strategic Supply Management
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack.
network
low complexity
ibm CWE-287
7.5
2017-07-10 CVE-2017-1337 Insufficiently Protected Credentials vulnerability in IBM Websphere MQ 9.0.1/9.0.2
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text.
network
high complexity
ibm CWE-522
8.1
2017-07-05 CVE-2017-1264 Improper Authentication vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors.
network
low complexity
ibm CWE-287
7.5
2017-07-05 CVE-2017-1254 XXE vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1