Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-01-18 | CVE-2018-2019 | XXE vulnerability in IBM Security Identity Manager | IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2019-01-17 | CVE-2018-20733 | XXE vulnerability in SAS web Infrastructure Platform 9.4 | BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | 5.0 |
2019-01-17 | CVE-2015-9281 | Cross-site Scripting vulnerability in SAS web Infrastructure Platform 9.4 | Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | 4.3 |
2019-01-14 | CVE-2018-1969 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Identity Manager | IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. | 6.5 |
2019-01-14 | CVE-2018-1967 | Cross-site Scripting vulnerability in IBM Security Identity Manager | IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. | 4.3 |
2019-01-14 | CVE-2018-1956 | Weak Password Requirements vulnerability in IBM Security Identity Manager | IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.0 |
2019-01-08 | CVE-2018-1932 | Information Exposure vulnerability in IBM API Connect | IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. | 4.0 |
2019-01-04 | CVE-2018-1888 | Untrusted Search Path vulnerability in IBM I Access 6.1/7.1 | An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. | 6.8 |
2019-01-04 | CVE-2018-1859 | Unspecified vulnerability in IBM API Connect | IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. | 6.5 |
2018-12-20 | CVE-2018-1661 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Datapower Gateway | IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |