Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-05 | CVE-2018-1648 | Inadequate Encryption Strength vulnerability in IBM Qradar Incident Forensics IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2018-12-05 | CVE-2017-1622 | Improper Certificate Validation vulnerability in IBM Qradar Incident Forensics IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. | 7.4 |
| 2018-12-03 | CVE-2018-1840 | Exposure of Resource to Wrong Sphere vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. | 8.1 |
| 2018-11-30 | CVE-2018-1927 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Storediq IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2018-11-30 | CVE-2018-1897 | Out-of-bounds Write vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. | 7.8 |
| 2018-11-26 | CVE-2018-1905 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-11-20 | CVE-2018-1779 | Allocation of Resources Without Limits or Throttling vulnerability in IBM API Connect IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. | 7.5 |
| 2018-11-13 | CVE-2018-1808 | Code Injection vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. | 8.8 |
| 2018-11-13 | CVE-2018-1792 | Code Injection vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. | 7.8 |
| 2018-11-12 | CVE-2018-1884 | Path Traversal vulnerability in IBM Case Manager IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. | 7.8 |