Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-01 | CVE-2018-1608 | Inadequate Encryption Strength vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-04-29 | CVE-2018-2007 | Inadequate Encryption Strength vulnerability in IBM API Connect IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-04-25 | CVE-2018-1720 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-04-22 | CVE-2019-6157 | Information Exposure Through Log Files vulnerability in multiple products In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. | 7.5 |
| 2019-04-22 | CVE-2019-6155 | Unspecified vulnerability in IBM products A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service. | 7.5 |
| 2019-04-19 | CVE-2019-4055 | Unspecified vulnerability in IBM MQ and MQ Appliance IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. | 7.5 |
| 2019-04-08 | CVE-2019-4210 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.3.2 IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. | 8.1 |
| 2019-04-08 | CVE-2018-2000 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2019-04-03 | CVE-2019-4014 | Classic Buffer Overflow vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. | 7.8 |
| 2019-04-03 | CVE-2018-1936 | Out-of-bounds Write vulnerability in IBM DB2 IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. | 7.8 |