Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-03 CVE-2016-9976 Improper Access Control vulnerability in IBM products
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files.
local
low complexity
ibm CWE-284
8.4
2017-05-03 CVE-2016-2930 Improper Access Control vulnerability in IBM Bigfix Remote Control 9.1.3
IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication.
network
low complexity
ibm CWE-284
7.5
2017-04-28 CVE-2017-1194 Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-04-25 CVE-2017-1274 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name.
network
low complexity
ibm CWE-119
8.8
2017-04-25 CVE-2017-1149 XXE vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-04-24 CVE-2015-0104 Improper Access Control vulnerability in IBM products
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.
network
low complexity
ibm CWE-284
8.8
2017-04-20 CVE-2017-1122 Unspecified vulnerability in IBM Security Guardium
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root.
local
high complexity
ibm
7.4
2017-04-17 CVE-2017-1161 Improper Input Validation vulnerability in IBM API Connect 5.0.6.0
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal.
network
low complexity
ibm CWE-20
7.3
2017-04-17 CVE-2016-3036 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2
IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets.
network
low complexity
ibm CWE-119
7.5
2017-04-14 CVE-2017-1205 Unspecified vulnerability in IBM Spectrum LSF
IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access.
local
low complexity
ibm
8.8