Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-21 | CVE-2018-1946 | Inadequate Encryption Strength vulnerability in IBM Security Identity Governance and Intelligence 5.2.2.1 IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. | 5.0 |
2019-02-21 | CVE-2018-1945 | Improper Input Validation vulnerability in IBM Security Identity Governance and Intelligence 5.2.2.1 IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. | 5.8 |
2019-02-15 | CVE-2018-1727 | XXE vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2019-02-15 | CVE-2018-1701 | Unspecified vulnerability in IBM products IBM InfoSphere Information Server 11.7 could allow an authenticated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. | 6.0 |
2019-02-15 | CVE-2017-1695 | Inadequate Encryption Strength vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
2019-02-07 | CVE-2018-1666 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. | 4.0 |
2019-02-05 | CVE-2017-1200 | Improper Certificate Validation vulnerability in IBM Bigfix Compliance 1.7/1.8/1.9.91 IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | 4.3 |
2019-02-05 | CVE-2017-1198 | Information Exposure Through Log Files vulnerability in IBM Bigfix Compliance 1.7/1.8/1.9.91 IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. | 5.0 |
2019-02-05 | CVE-2017-1177 | Information Exposure vulnerability in IBM Bigfix Compliance 1.7/1.8/1.9.91 IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. | 5.0 |
2019-02-04 | CVE-2019-4038 | Code Injection vulnerability in IBM Security Identity Manager IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. | 6.2 |