Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-07 | CVE-2018-1424 | XXE vulnerability in IBM Marketing Platform 10.1/9.1.0/9.1.2 IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2018-12-06 | CVE-2018-1935 | Information Exposure vulnerability in IBM Connections 5.0/5.5/6.0 IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. | 4.0 |
| 2018-12-06 | CVE-2018-1525 | Cleartext Transmission of Sensitive Information vulnerability in IBM I2 Enterprise Insight Analysis 2.1.7/2.1.8 IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
| 2018-12-06 | CVE-2018-1504 | Improper Input Validation vulnerability in IBM I2 Enterprise Insight Analysis 2.1.7/2.1.8 IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
| 2018-12-05 | CVE-2018-1941 | Improper Privilege Management vulnerability in IBM Campaign IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. | 4.6 |
| 2018-12-05 | CVE-2018-1732 | Information Exposure vulnerability in IBM Qradar Advisor With Watson IBM QRadar Advisor with Watson 1.14.0 discloses sensitive information to unauthorized users. | 5.0 |
| 2018-12-05 | CVE-2018-1730 | XXE vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2018-12-05 | CVE-2018-1697 | Information Exposure vulnerability in IBM Maximo Asset Management 7.6 IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. | 4.0 |
| 2018-12-05 | CVE-2018-1648 | Inadequate Encryption Strength vulnerability in IBM Qradar Incident Forensics IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2018-12-05 | CVE-2017-1622 | Improper Certificate Validation vulnerability in IBM Qradar Incident Forensics IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. | 5.8 |