Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2018-11-09 CVE-2018-1842 Improper Verification of Cryptographic Signature vulnerability in multiple products
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token.
local
high complexity
ibm netapp CWE-347
3.6
2018-08-30 CVE-2016-0205 Information Exposure vulnerability in IBM Cloud Orchestrator
A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system.
local
low complexity
ibm CWE-200
3.3
2018-08-30 CVE-2016-0234 Insufficient Session Expiration vulnerability in IBM OpenPages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser.
local
low complexity
ibm CWE-613
3.3
2018-05-29 CVE-2018-1369 Information Exposure vulnerability in IBM Security Guardium Big Data Intelligence 3.1
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters.
network
high complexity
ibm CWE-200
3.7
2018-04-04 CVE-2017-1733 Information Exposure Through Log Files vulnerability in IBM QRadar Security Information and Event Manager 7.3.0/7.3.1
IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user.
local
low complexity
ibm CWE-532
3.3
2018-03-30 CVE-2017-1756 Information Exposure vulnerability in IBM Business Process Manager
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-200
3.3
2018-03-26 CVE-2015-5045 Information Exposure vulnerability in IBM Rational License Key Server
The Administration and Reporting tool in IBM Rational License Key Server (RLKS) before 8.1.4.9 iFix 04 allows local users to obtain sensitive information via unspecified vectors.
local
low complexity
ibm CWE-200
3.3
2018-03-20 CVE-2015-7449 Inadequate Encryption Strength vulnerability in IBM products
IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption.
local
low complexity
ibm CWE-326
3.3
2018-03-09 CVE-2016-0275 Information Exposure vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allow local users to obtain sensitive information via vectors related to cacheable HTTPS responses.
local
low complexity
ibm CWE-200
3.3
2018-03-02 CVE-2017-1654 Information Exposure vulnerability in IBM General Parallel File System and Spectrum Scale
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files.
local
low complexity
ibm CWE-200
3.3