Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-10-15 | CVE-2018-1747 | XXE vulnerability in IBM Security Key Lifecycle Manager | IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
2018-10-12 | CVE-2018-1844 | XXE vulnerability in IBM FileNet Content Manager 5.2.1/5.5.0 | IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
2018-10-12 | CVE-2017-1231 | Insufficiently Protected Credentials vulnerability in IBM BigFix Platform | IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in clear text, which can be read by a local user. | 7.8 |
2018-10-11 | CVE-2018-1745 | Missing Authentication for Critical Function vulnerability in IBM Security Key Lifecycle Manager | IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. | 7.5 |
2018-10-11 | CVE-2018-1738 | Improper Authentication vulnerability in IBM Security Key Lifecycle Manager | IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. | 7.1 |
2018-10-08 | CVE-2018-1750 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Key Lifecycle Manager | IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 8.1 |
2018-10-05 | CVE-2018-1647 | Allocation of Resources Without Limits or Throttling vulnerability in IBM QRadar Incident Forensics | IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested, which could allow an unauthenticated user to cause a denial of service. | 7.5 |
2018-10-04 | CVE-2018-1819 | SQL Injection vulnerability in IBM Financial Transaction Manager | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. | 8.8 |
2018-10-02 | CVE-2018-1509 | Improper Certificate Validation vulnerability in IBM Security Guardium 10.5 | IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | 7.4 |
2018-10-02 | CVE-2018-1498 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium 10.5 | IBM Security Guardium EcoSystem 10.5 stores user credentials in clear text, which can be read by a local user. | 7.8 |