Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2018-12-05 CVE-2017-1622 Improper Certificate Validation vulnerability in IBM QRadar Incident Forensics
IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate.
network
high complexity
ibm CWE-295
7.4
2018-12-03 CVE-2018-1840 Exposure of Resource to Wrong Sphere vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server.
network
high complexity
ibm CWE-668
8.1
2018-11-30 CVE-2018-1927 Cross-Site Request Forgery (CSRF) vulnerability in IBM StoredIQ
IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2018-11-30 CVE-2018-1897 Out-of-bounds Write vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 db2pdcfg is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow an attacker to execute arbitrary code.
local
low complexity
ibm CWE-787
7.8
2018-11-26 CVE-2018-1905 XXE vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-11-20 CVE-2018-1779 Allocation of Resources Without Limits or Throttling vulnerability in IBM API Connect
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size.
network
low complexity
ibm CWE-770
7.5
2018-11-13 CVE-2018-1808 Code Injection vulnerability in IBM WebSphere Commerce
IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control.
network
low complexity
ibm CWE-94
8.8
2018-11-13 CVE-2018-1792 Code Injection vulnerability in IBM WebSphere MQ
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges.
local
low complexity
ibm CWE-94
7.8
2018-11-12 CVE-2018-1884 Path Traversal vulnerability in IBM Case Manager
IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal techniques.
local
low complexity
ibm CWE-22
7.8
2018-11-12 CVE-2018-1786 Resource Exhaustion vulnerability in IBM products
IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state.
network
low complexity
ibm CWE-400
7.5