Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2018-11-09 CVE-2018-1774 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM API Connect
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator.
local
low complexity
ibm CWE-1236
7.8
2018-11-02 CVE-2018-1877 Cleartext Storage of Sensitive Information vulnerability in IBM Robotic Process Automation With Automation Anywhere 11.0
IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user.
local
low complexity
ibm CWE-312
7.8
2018-11-02 CVE-2018-1846 XXE vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-11-02 CVE-2018-1835 XXE vulnerability in IBM Daeja ViewONE 5.0
IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-11-02 CVE-2018-1552 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Robotic Process Automation With Automation Anywhere 10/11
IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction on which file types can be uploaded to the control room.
network
low complexity
ibm CWE-434
8.8
2018-10-22 CVE-2018-1850 Unspecified vulnerability in IBM Security Access Manager 9.0.3.1/9.0.4.0/9.0.5.0
IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running.
network
high complexity
ibm
7.5
2018-10-15 CVE-2018-1747 XXE vulnerability in IBM Security Key Lifecycle Manager
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-10-12 CVE-2018-1844 XXE vulnerability in IBM FileNet Content Manager 5.2.1/5.5.0
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-10-12 CVE-2017-1231 Insufficiently Protected Credentials vulnerability in IBM BigFix Platform
IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in clear text, which can be read by a local user.
local
low complexity
ibm CWE-522
7.8
2018-10-11 CVE-2018-1745 Missing Authentication for Critical Function vulnerability in IBM Security Key Lifecycle Manager
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication.
network
low complexity
ibm CWE-306
7.5