Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-04-02 | CVE-2018-1680 | Weak Password Requirements vulnerability in IBM Security Privileged Identity Manager 2.1.1 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.0 |
2019-04-02 | CVE-2018-1626 | Session Fixation vulnerability in IBM Security Privileged Identity Manager 2.1.1 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication, which could lead to a session fixation/hijacking vulnerability. | 4.0 |
2019-04-02 | CVE-2018-1625 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.1.1 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. | 4.0 |
2019-04-02 | CVE-2018-1622 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Privileged Identity Manager 2.1.1 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
2019-04-02 | CVE-2018-1618 | Path Traversal vulnerability in IBM Security Privileged Identity Manager 2.1.1 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. | 5.0 |
2019-03-22 | CVE-2019-4035 | Open Redirect vulnerability in IBM Content Navigator 3.0.0 | IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. | 4.9 |
2019-03-21 | CVE-2018-1992 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM products | The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. | 6.9 |
2019-03-21 | CVE-2017-1713 | Inadequate Encryption Strength vulnerability in IBM Infosphere Streams 4.2.1 | IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 4.3 |
2019-03-14 | CVE-2019-4034 | Unspecified vulnerability in IBM Content Navigator 3.0.0 | IBM Content Navigator 3.0CD could allow an attacker to execute arbitrary code on a user's workstation. | 6.5 |
2019-03-14 | CVE-2018-1929 | Information Exposure vulnerability in IBM Rational Engineering Lifecycle Manager | IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to view any view if he knows the URL link of the view, and access information that he should not be able to see. | 4.0 |