Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-04 | CVE-2018-1970 | XXE vulnerability in IBM Security Access Manager: IBM Security Identity Manager 7.0.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2019-02-04 | CVE-2018-1801 | XXE vulnerability in IBM products: IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.0 |
2019-02-04 | CVE-2018-1675 | Information Exposure vulnerability in IBM Tivoli Application Dependency Discovery Manager: IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes stored in system memory on target systems that are configured to use TADDM. | 5.0 |
2019-01-31 | CVE-2019-4040 | Cross-site Scripting vulnerability in IBM I 7.2/7.3: IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. | 6.1 |
2019-01-29 | CVE-2018-1976 | Information Exposure vulnerability in IBM API Connect: IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. | 4.0 |
2019-01-29 | CVE-2018-1733 | Unspecified vulnerability in IBM QRadar Security Information and Event Manager: IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications, which could allow an attacker to modify displayed content. | 5.0 |
2019-01-29 | CVE-2018-1668 | Improper Authentication vulnerability in IBM DataPower Gateway: IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allow "null" logins, which could give read access to IPMI data to obtain sensitive information. | 5.0 |
2019-01-24 | CVE-2018-1959 | Use of Hard-coded Credentials vulnerability in IBM Security Identity Manager: IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 4.6 |
2019-01-23 | CVE-2018-2026 | Information Exposure vulnerability in IBM Financial Transaction Manager 3.2.1.0: IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. | 4.0 |
2019-01-23 | CVE-2018-1751 | Inadequate Encryption Strength vulnerability in IBM Security Key Lifecycle Manager: IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |