Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2017-12-07 CVE-2017-1341 Unspecified vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access.
network
high complexity
ibm
3.7
2017-12-07 CVE-2017-1353 Information Exposure vulnerability in IBM Atlas Ediscovery Process Management
IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links.
network
low complexity
ibm CWE-200
3.5
2017-12-07 CVE-2017-1355 Information Exposure vulnerability in IBM Atlas Ediscovery Process Management
IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters.
network
high complexity
ibm CWE-200
3.7
2017-12-07 CVE-2017-1497 Information Exposure vulnerability in IBM Sterling File Gateway 2.2
IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file.
network
high complexity
ibm CWE-200
3.7
2017-10-26 CVE-2017-1228 Information Exposure vulnerability in IBM Bigfix Platform 9.2/9.5
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute.
network
high complexity
ibm CWE-200
3.7
2017-10-24 CVE-2017-1211 Information Exposure vulnerability in IBM Daeja Viewone
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled.
local
high complexity
ibm CWE-200
2.5
2017-09-25 CVE-2017-1346 Race Condition vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan.
local
high complexity
ibm CWE-362
2.5
2017-09-12 CVE-2017-1520 Improper Authentication vulnerability in IBM DB2 and DB2 Connect
IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT.
network
high complexity
ibm CWE-287
3.7
2017-08-29 CVE-2016-2974 Information Exposure vulnerability in IBM Sametime
IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user.
local
low complexity
ibm CWE-200
3.3
2017-08-29 CVE-2016-2978 Information Exposure vulnerability in IBM Sametime
IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user.
local
low complexity
ibm CWE-200
3.3