Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-14 | CVE-2017-1499 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM products IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. | 8.8 |
| 2018-02-13 | CVE-2017-1714 | Unspecified vulnerability in IBM Client Application Access and Notes IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. | 7.8 |
| 2018-02-13 | CVE-2017-1711 | Untrusted Search Path vulnerability in IBM Client Application Access and Notes IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. | 7.8 |
| 2018-02-07 | CVE-2018-1388 | Information Exposure vulnerability in IBM Websphere MQ GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. | 7.5 |
| 2018-02-07 | CVE-2018-1366 | Unspecified vulnerability in IBM Content Navigator IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. | 7.8 |
| 2018-02-07 | CVE-2017-1692 | Unspecified vulnerability in IBM AIX IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | 7.8 |
| 2018-02-02 | CVE-2016-0312 | Information Exposure vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. | 7.5 |
| 2018-01-30 | CVE-2017-1731 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. | 8.8 |
| 2018-01-29 | CVE-2018-1364 | XXE vulnerability in IBM Content Navigator 2.0.3/3.0.2/3.0.3 IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2018-01-29 | CVE-2017-1779 | Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. | 7.8 |