Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-17 | CVE-2018-1845 | XXE vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2019-06-07 | CVE-2019-4069 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM products IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. | 8.8 |
| 2019-06-07 | CVE-2019-4068 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM products IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. | 7.5 |
| 2019-06-07 | CVE-2019-4067 | Weak Password Requirements vulnerability in IBM products IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2019-06-07 | CVE-2019-4066 | Unspecified vulnerability in IBM products IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. | 8.8 |
| 2019-06-06 | CVE-2019-4162 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Information Queue 1.0.0/1.0.1/1.0.2 IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. | 7.5 |
| 2019-06-06 | CVE-2019-4185 | Unspecified vulnerability in IBM products IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. high complexity ibm | 8.3 |
| 2019-05-29 | CVE-2019-4256 | Inadequate Encryption Strength vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-05-23 | CVE-2019-4078 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. | 7.8 |
| 2019-05-10 | CVE-2018-1790 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager 3.0.2.0/3.0.2.1 IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |