Vulnerabilities > IBM > High

DATE | CVE | VULNERABILITY TITLE
(each entry is followed by its description and a RISK line: score, attack vector, attack complexity, vendor, CWE)
2018-12-20 | CVE-2018-1778 | Improper Authentication vulnerability in IBM API Connect
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API: anyone who knows a userId can then create an AccessToken for that user and thereby gain access to that user's data and privileges (for example, if the user happens to be an Admin).
Risk: 8.1 (attack vector: network; attack complexity: high; vendor: ibm; CWE-287)
2018-12-20 | CVE-2018-1771 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino and Notes
IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command-line arguments passed to nsd.exe.
Risk: 7.8 (attack vector: local; attack complexity: low; vendor: ibm; CWE-119)
2018-12-20 | CVE-2018-1661 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Datapower Gateway
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Risk: 8.8 (attack vector: network; attack complexity: low; vendor: ibm; CWE-352)
2018-12-17 | CVE-2017-1597 | Weak Password Requirements vulnerability in IBM Security Guardium
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Risk: 7.5 (attack vector: network; attack complexity: low; vendor: ibm; CWE-521)
2018-12-13 | CVE-2018-1887 | Use of Hard-coded Credentials vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Risk: 7.8 (attack vector: local; attack complexity: low; vendor: ibm; CWE-798)
2018-12-13 | CVE-2018-1814 | Inadequate Encryption Strength vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Risk: 7.5 (attack vector: network; attack complexity: low; vendor: ibm; CWE-326)
2018-12-13 | CVE-2018-1665 | Inadequate Encryption Strength vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Risk: 7.5 (attack vector: network; attack complexity: low; vendor: ibm; CWE-326)
2018-12-13 | CVE-2017-1268 | Cryptographic Issues vulnerability in IBM Security Guardium
IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but does not include a salt as part of the hashed input.
Risk: 7.5 (attack vector: network; attack complexity: low; vendor: ibm; CWE-310)
2018-12-12 | CVE-2018-1926 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input.
Risk: 8.8 (attack vector: network; attack complexity: low; vendor: ibm; CWE-352)
2018-12-12 | CVE-2018-1901 | Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by an incorrect cached value being used.
Risk: 8.8 (attack vector: network; attack complexity: low; vendor: ibm)