Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-27 | CVE-2019-4252 | Path Traversal vulnerability in IBM products IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2019-06-26 | CVE-2019-4241 | Unspecified vulnerability in IBM Pureapplication System IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. | 7.8 |
| 2019-06-26 | CVE-2019-4235 | Weak Password Requirements vulnerability in IBM Pureapplication System IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2019-06-26 | CVE-2019-4224 | SQL Injection vulnerability in IBM Pureapplication System IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. | 8.8 |
| 2019-06-25 | CVE-2019-4145 | Unspecified vulnerability in IBM Security Access Manager IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. | 7.1 |
| 2019-06-25 | CVE-2019-4135 | Unspecified vulnerability in IBM Security Access Manager IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. | 8.8 |
| 2019-06-25 | CVE-2018-1858 | Cross-Site Request Forgery (CSRF) vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2019-06-19 | CVE-2019-4364 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. | 8.0 |
| 2019-06-18 | CVE-2019-4142 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud Private IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2019-06-17 | CVE-2019-4103 | Unspecified vulnerability in IBM Tivoli Netcool/Impact 7.1.0 IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command by low privileged User. low complexity ibm | 8.0 |