Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-03 | CVE-2016-9976 | Improper Access Control vulnerability in IBM products IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. | 8.4 |
2017-05-03 | CVE-2016-2930 | Improper Access Control vulnerability in IBM Bigfix Remote Control 9.1.3 IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. | 7.5 |
2017-04-28 | CVE-2017-1194 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-04-25 | CVE-2017-1274 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. | 8.8 |
2017-04-25 | CVE-2017-1149 | XXE vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
2017-04-24 | CVE-2015-0104 | Improper Access Control vulnerability in IBM products IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors. | 8.8 |
2017-04-20 | CVE-2017-1122 | Unspecified vulnerability in IBM Security Guardium IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. | 7.4 |
2017-04-17 | CVE-2017-1161 | Improper Input Validation vulnerability in IBM API Connect 5.0.6.0 IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. | 7.3 |
2017-04-17 | CVE-2016-3036 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2 IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. | 7.5 |
2017-04-14 | CVE-2017-1205 | Unspecified vulnerability in IBM Spectrum LSF IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. | 8.8 |