Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-13 CVE-2018-1698 Information Exposure vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages.
network
low complexity
ibm CWE-200
5.0
2018-09-12 CVE-2018-1773 Improper Authentication vulnerability in IBM Datacap 9.1.1/9.1.3/9.1.4
IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed.
network
low complexity
ibm CWE-287
4.0
2018-09-07 CVE-2018-1789 Server-Side Request Forgery (SSRF) vulnerability in IBM API Connect
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server-side request forgery attack.
network
low complexity
ibm CWE-918
6.5
2018-09-07 CVE-2018-1757 Missing Authentication for Critical Function vulnerability in IBM Security Identity Governance and Intelligence 5.2.3.2/5.2.4
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application.
network
low complexity
ibm CWE-306
5.0
2018-09-07 CVE-2018-1756 SQL Injection vulnerability in IBM Security Identity Governance and Intelligence 5.2.3.2/5.2.4
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
5.0
2018-09-06 CVE-2018-1695 Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server 7.0.0.0/8.0.0.0/8.5.5.0
IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks.
network
ibm CWE-290
6.8
2018-09-05 CVE-2016-1000232 Improper Input Validation vulnerability in multiple products
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service.
network
low complexity
salesforce ibm redhat CWE-20
5.0
2018-08-30 CVE-2016-0373 Improper Authorization vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data.
network
low complexity
ibm CWE-285
4.0
2018-08-28 CVE-2018-1705 Information Exposure vulnerability in IBM Platform Symphony and Spectrum Symphony
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information.
network
low complexity
ibm CWE-200
4.0
2018-08-27 CVE-2018-1644 Information Exposure vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.
network
low complexity
ibm CWE-200
4.0