Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-09 | CVE-2018-1781 | Link Following vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. | 7.8 |
| 2018-11-09 | CVE-2018-1780 | Link Following vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. | 7.8 |
| 2018-11-09 | CVE-2018-1774 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM API Connect IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. | 7.8 |
| 2018-11-02 | CVE-2018-1877 | Cleartext Storage of Sensitive Information vulnerability in IBM Robotic Process Automation With Automation Anywhere 11.0 IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. | 7.8 |
| 2018-11-02 | CVE-2018-1846 | XXE vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-11-02 | CVE-2018-1835 | XXE vulnerability in IBM Daeja Viewone 5.0 IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-11-02 | CVE-2018-1552 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Robotic Process Automation With Automation Anywhere 10/11 IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. | 8.8 |
| 2018-10-22 | CVE-2018-1850 | Unspecified vulnerability in IBM Security Access Manager 9.0.3.1/9.0.4.0/9.0.5.0 IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. | 7.5 |
| 2018-10-15 | CVE-2018-1747 | XXE vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-10-12 | CVE-2018-1844 | XXE vulnerability in IBM Filenet Content Manager 5.2.1/5.5.0 IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |