Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-28 CVE-2016-0291 OS Command Injection vulnerability in IBM Bigfix Platform
IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access.
network
low complexity
ibm CWE-78
8.8
2018-02-26 CVE-2018-1377 Insufficiently Protected Credentials vulnerability in IBM Security Guardium BIG Data Intelligence 3.1
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-522
7.8
2018-02-22 CVE-2018-1417 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Java SDK
Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges.
network
high complexity
ibm CWE-732
8.1
2018-02-22 CVE-2018-1414 SQL Injection vulnerability in IBM products
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2018-02-21 CVE-2017-1758 XXE vulnerability in IBM products
IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-02-21 CVE-2016-0348 Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.0
2018-02-19 CVE-2018-1411 Unspecified vulnerability in IBM Client Application Access and Notes
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system.
local
low complexity
ibm
7.8
2018-02-19 CVE-2018-1410 Unspecified vulnerability in IBM Client Application Access and Notes
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system.
local
low complexity
ibm
7.8
2018-02-19 CVE-2018-1409 Unspecified vulnerability in IBM Client Application Access and Notes
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system.
local
low complexity
ibm
7.8
2018-02-14 CVE-2017-1499 Unrestricted Upload of File with Dangerous Type vulnerability in IBM products
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server.
network
low complexity
ibm CWE-434
8.8