Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2019-04-02 CVE-2019-4043 XXE vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2019-04-02 CVE-2018-1680 Weak Password Requirements vulnerability in IBM Security Privileged Identity Manager 2.1.1
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
2019-04-02 CVE-2018-1640 Improper Input Validation vulnerability in IBM Security Privileged Identity Manager 2.1.1
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm CWE-20
8.8
2019-04-02 CVE-2018-1622 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Privileged Identity Manager 2.1.1
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2019-04-02 CVE-2018-1618 Path Traversal vulnerability in IBM Security Privileged Identity Manager 2.1.1
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2019-03-25 CVE-2019-4046 Resource Exhaustion vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers.
network
low complexity
ibm CWE-400
7.5
2019-03-22 CVE-2019-4052 Unspecified vulnerability in IBM API Connect
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users.
network
low complexity
ibm
7.5
2019-03-21 CVE-2019-4094 Uncontrolled Search Path Element vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library.
local
low complexity
ibm CWE-427
7.8
2019-03-14 CVE-2019-4034 Unspecified vulnerability in IBM Content Navigator 3.0.0
IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation.
network
low complexity
ibm
8.8
2019-03-11 CVE-2019-4016 Classic Buffer Overflow vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root.
local
low complexity
ibm CWE-120
7.8