Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-09 | CVE-2019-4071 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM products IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. | 8.8 |
| 2019-05-07 | CVE-2019-4208 | XXE vulnerability in IBM Tririga Application Platform 3.5.3.0/3.6.0.0 IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2019-05-07 | CVE-2018-2001 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2019-05-01 | CVE-2018-1608 | Inadequate Encryption Strength vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-04-29 | CVE-2018-2007 | Inadequate Encryption Strength vulnerability in IBM API Connect IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-04-25 | CVE-2018-1720 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-04-22 | CVE-2019-6157 | Information Exposure Through Log Files vulnerability in multiple products In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. | 7.5 |
| 2019-04-22 | CVE-2019-6155 | Unspecified vulnerability in IBM products A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service. | 7.5 |
| 2019-04-19 | CVE-2019-4055 | Unspecified vulnerability in IBM MQ and MQ Appliance IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. | 7.5 |
| 2019-04-08 | CVE-2019-4210 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.3.2 IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. | 8.1 |