Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-04 | CVE-2018-1675 | Information Exposure vulnerability in IBM Tivoli Application Dependency Discovery Manager IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. | 7.5 |
| 2019-01-29 | CVE-2018-1668 | Improper Authentication vulnerability in IBM Datapower Gateway IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. | 7.5 |
| 2019-01-24 | CVE-2018-1959 | Use of Hard-coded Credentials vulnerability in IBM Security Identity Manager IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.8 |
| 2019-01-23 | CVE-2018-1751 | Inadequate Encryption Strength vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-01-18 | CVE-2018-2019 | XXE vulnerability in IBM Security Identity Manager IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2019-01-14 | CVE-2018-1956 | Weak Password Requirements vulnerability in IBM Security Identity Manager IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2019-01-04 | CVE-2018-1888 | Untrusted Search Path vulnerability in IBM I Access 6.1/7.1 An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. | 7.8 |
| 2018-12-20 | CVE-2018-1973 | Improper Privilege Management vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. | 7.2 |
| 2018-12-20 | CVE-2018-1778 | Improper Authentication vulnerability in IBM API Connect IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to the other user’s data / access to their privileges (if the user happens to be an Admin for example). | 8.1 |
| 2018-12-20 | CVE-2018-1771 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino and Notes IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. | 7.8 |