Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-10 | CVE-2018-1487 | Untrusted Search Path vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. | 7.8 |
| 2018-07-10 | CVE-2018-1458 | Untrusted Search Path vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. | 7.8 |
| 2018-07-09 | CVE-2013-3017 | Cryptographic Issues vulnerability in IBM Tivoli Application Dependency Discovery Manager IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. | 7.5 |
| 2018-07-09 | CVE-2013-3001 | Path Traversal vulnerability in IBM Infosphere Data Replication Dashboard 10.1/9.7 Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
| 2018-07-06 | CVE-2018-1542 | XXE vulnerability in IBM Content Foundation and Filenet Content Manager IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-06-27 | CVE-2018-1553 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. | 7.5 |
| 2018-06-26 | CVE-2018-1614 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. | 7.5 |
| 2018-06-15 | CVE-2018-1460 | Improper Privilege Management vulnerability in IBM Puredata System for Analytics 1.0.0 IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. | 7.8 |
| 2018-06-13 | CVE-2018-1431 | Unspecified vulnerability in IBM General Parallel File System and Spectrum Scale A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. | 7.8 |
| 2018-06-08 | CVE-2018-1453 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Identity Manager 7.0/7.0.1 IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. | 8.8 |