Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2018-10-11 CVE-2018-1738 Improper Authentication vulnerability in IBM Security Key Lifecycle Manager
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms.
network
low complexity
ibm CWE-287
7.1
2018-10-08 CVE-2018-1750 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Key Lifecycle Manager
IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
network
low complexity
ibm CWE-732
8.1
2018-10-05 CVE-2018-1647 Allocation of Resources Without Limits or Throttling vulnerability in IBM QRadar Incident Forensics
IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service.
network
low complexity
ibm CWE-770
7.5
2018-10-04 CVE-2018-1819 SQL Injection vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2018-10-02 CVE-2018-1509 Improper Certificate Validation vulnerability in IBM Security Guardium 10.5
IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
network
high complexity
ibm CWE-295
7.4
2018-10-02 CVE-2018-1498 Insufficiently Protected Credentials vulnerability in IBM Security Guardium 10.5
IBM Security Guardium EcoSystem 10.5 stores user credentials in clear text, which can be read by a local user.
local
low complexity
ibm CWE-522
7.8
2018-09-28 CVE-2018-1702 XXE vulnerability in IBM Platform Symphony and Spectrum Symphony
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-09-26 CVE-2018-1785 Inadequate Encryption Strength vulnerability in IBM products
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information.
network
low complexity
ibm CWE-326
7.5
2018-09-26 CVE-2018-1768 Information Exposure Through Log Files vulnerability in IBM Spectrum Protect Plus 10.1.0/10.1.1
IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation: the user ID and password may be displayed in plain text within an instrumentation log file.
local
low complexity
ibm CWE-532
7.8
2018-09-26 CVE-2018-1683 Missing Encryption of Sensitive Data vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication.
network
low complexity
ibm CWE-311
7.5