Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-05 CVE-2018-1795 Cross-site Scripting vulnerability in IBM Robotic Process Automation With Automation Anywhere 10.0
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2018-10-05 CVE-2018-1649 Path Traversal vulnerability in IBM QRadar Incident Forensics
IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
4.0
2018-10-05 CVE-2018-1647 Allocation of Resources Without Limits or Throttling vulnerability in IBM QRadar Incident Forensics
IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service.
network
low complexity
ibm CWE-770
5.0
2018-10-04 CVE-2018-1819 SQL Injection vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.5
2018-10-04 CVE-2018-1670 Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.2.0/3.0.2.1
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files.
network
low complexity
ibm CWE-200
4.0
2018-10-03 CVE-2018-1794 Cross-site Scripting vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2018-10-03 CVE-2018-1793 Cross-site Scripting vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2018-10-02 CVE-2018-1593 Inadequate Encryption Strength vulnerability in IBM Multi-Cloud Data Encryption 2.1/2.1.0.1
IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums.
network
low complexity
ibm CWE-326
5.0
2018-10-02 CVE-2018-1509 Improper Certificate Validation vulnerability in IBM Security Guardium 10.5
IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
network
ibm CWE-295
5.8
2018-10-01 CVE-2018-1672 Improper Authentication vulnerability in IBM WebSphere Portal
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user.
network
low complexity
ibm CWE-287
6.5