Vulnerabilities > IBM > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-23 | CVE-2017-1764 | Insufficiently Protected Credentials vulnerability in IBM Cognos Business Intelligence IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. | 1.9 |
| 2018-04-23 | CVE-2017-1786 | Missing Release of Resource after Effective Lifetime vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. | 3.5 |
| 2018-04-20 | CVE-2014-6109 | Improper Access Control vulnerability in IBM Security Identity Manager and Tivoli Identity Manager IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. | 3.5 |
| 2018-04-20 | CVE-2014-6111 | Credentials Management vulnerability in IBM Security Identity Manager and Tivoli Identity Manager IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. | 2.1 |
| 2018-04-17 | CVE-2018-1445 | Cross-site Scripting vulnerability in IBM Websphere Portal IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. | 3.5 |
| 2018-04-16 | CVE-2015-1952 | Cross-site Scripting vulnerability in IBM Security Appscan Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2018-04-12 | CVE-2014-6169 | Cross-site Scripting vulnerability in IBM Forms Experience Builder 8.5/8.5.1 Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2018-04-12 | CVE-2017-1790 | Cross-site Scripting vulnerability in IBM products IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 is vulnerable to cross-site scripting. | 3.5 |
| 2018-04-10 | CVE-2015-1957 | Information Exposure vulnerability in IBM Websphere MQ IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. | 3.5 |
| 2018-04-04 | CVE-2017-1733 | Information Exposure Through Log Files vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1 IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. | 2.1 |