Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-31 | CVE-2018-1638 | Improper Authentication vulnerability in IBM API Connect. IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. | 8.1 |
2018-07-26 | CVE-2018-9068 | Use of Hard-coded Credentials vulnerability in multiple products. The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. | 7.5 |
2018-07-20 | CVE-2017-1544 | Information Exposure vulnerability in IBM Sterling File Gateway. IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. | 7.8 |
2018-07-16 | CVE-2013-0522 | Information Exposure vulnerability in IBM Lotus Notes. The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes. | 7.0 |
2018-07-11 | CVE-2013-2972 | Improper Access Control vulnerability in IBM WebSphere Cast Iron Cloud Integration 6.0.0.0/6.1.0.0/6.3.0.0. IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. | 7.5 |
2018-07-11 | CVE-2013-2951 | Credentials Management vulnerability in IBM WebSphere Portal. IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. | 7.8 |
2018-07-11 | CVE-2013-0589 | Information Exposure vulnerability in IBM iNotes. IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. | 7.5 |
2018-07-10 | CVE-2018-1566 | Use of Externally-Controlled Format String vulnerability in IBM DB2. IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. | 7.8 |
2018-07-10 | CVE-2018-1487 | Untrusted Search Path vulnerability in IBM DB2. IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path, potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. | 7.8 |
2018-07-10 | CVE-2018-1458 | Untrusted Search Path vulnerability in IBM DB2. IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. | 7.8 |