Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-12 | CVE-2018-1926 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. | 8.8 |
| 2018-12-12 | CVE-2018-1901 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. | 8.8 |
| 2018-12-12 | CVE-2018-1476 | Information Exposure vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to unauthorized users. | 7.5 |
| 2018-12-07 | CVE-2018-1920 | XXE vulnerability in IBM Marketing Platform 10.1/9.1.0/9.1.2 IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-12-07 | CVE-2018-1883 | Unspecified vulnerability in IBM MQ A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. | 7.5 |
| 2018-12-07 | CVE-2018-1424 | XXE vulnerability in IBM Marketing Platform 10.1/9.1.0/9.1.2 IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-12-05 | CVE-2018-1941 | Improper Privilege Management vulnerability in IBM Campaign IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. | 7.8 |
| 2018-12-05 | CVE-2018-1732 | Information Exposure vulnerability in IBM Qradar Advisor With Watson IBM QRadar Advisor with Watson 1.14.0 discloses sensitive information to unauthorized users. | 7.5 |
| 2018-12-05 | CVE-2018-1730 | XXE vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-12-05 | CVE-2018-1648 | Inadequate Encryption Strength vulnerability in IBM Qradar Incident Forensics IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |