Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-28 | CVE-2016-0295 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2018-02-28 | CVE-2016-0291 | OS Command Injection vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. | 8.8 |
| 2018-02-26 | CVE-2018-1377 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2018-02-22 | CVE-2018-1417 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Java SDK Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. | 8.1 |
| 2018-02-22 | CVE-2018-1414 | SQL Injection vulnerability in IBM products IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. | 8.8 |
| 2018-02-21 | CVE-2017-1758 | XXE vulnerability in IBM products IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-02-21 | CVE-2016-0348 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.0 |
| 2018-02-19 | CVE-2018-1411 | Unspecified vulnerability in IBM Client Application Access and Notes IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. | 7.8 |
| 2018-02-19 | CVE-2018-1410 | Unspecified vulnerability in IBM Client Application Access and Notes IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. | 7.8 |
| 2018-02-19 | CVE-2018-1409 | Unspecified vulnerability in IBM Client Application Access and Notes IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. | 7.8 |