Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-09-25 | CVE-2018-1588 | XXE vulnerability in IBM Rational Engineering Lifecycle Manager | IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2018-09-25 | CVE-2018-1539 | Improper Authentication vulnerability in IBM Rational Engineering Lifecycle Manager | IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than the intended URL. | 6.4 |
2018-09-21 | CVE-2018-1711 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. | 4.6 |
2018-09-21 | CVE-2018-1710 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 10.1/10.5/11.1 | The db2licm tool in IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. | 4.6 |
2018-09-21 | CVE-2018-1685 | Information Exposure vulnerability in IBM DB2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. | 4.9 |
2018-09-20 | CVE-2018-1674 | SQL Injection vulnerability in IBM products | IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. | 6.5 |
2018-09-19 | CVE-2018-1782 | Unspecified vulnerability in IBM Spectrum Scale 5.0.1.0/5.0.1.1 | IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. | 4.9 |
2018-09-19 | CVE-2017-1794 | Resource Exhaustion vulnerability in IBM Tivoli Monitoring | IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. | 6.0 |
2018-09-14 | CVE-2018-1791 | Improper Input Validation vulnerability in IBM Connections 5.0/5.5/6.0 | IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. | 4.9 |
2018-09-14 | CVE-2018-1719 | Unspecified vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. | 4.3 |