Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-17 CVE-2017-1597 Weak Password Requirements vulnerability in IBM Security Guardium
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
5.0
2018-12-17 CVE-2017-1272 Information Exposure vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters.
network
low complexity
ibm CWE-200
5.0
2018-12-17 CVE-2017-1265 Improper Certificate Validation vulnerability in IBM Security Guardium
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate.
network
ibm CWE-295
4.3
2018-12-14 CVE-2018-1977 Improper Input Validation vulnerability in IBM DB2 11.1
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability.
network
low complexity
ibm linux microsoft CWE-20
4.0
2018-12-14 CVE-2018-1848 Cross-site Scripting vulnerability in IBM products
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2018-12-13 CVE-2018-1887 Use of Hard-coded Credentials vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
local
low complexity
ibm CWE-798
4.6
2018-12-13 CVE-2018-1886 Information Exposure vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-200
5.0
2018-12-13 CVE-2018-1821 XXE vulnerability in IBM Operational Decision Manager
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
6.4
2018-12-13 CVE-2018-1817 Cross-site Scripting vulnerability in IBM Security Guardium
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2018-12-13 CVE-2018-1815 Cross-site Scripting vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3