Vulnerabilities > IBM > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-06 | CVE-2017-1239 | Information Exposure vulnerability in IBM products. IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. | network, low complexity, ibm CWE-200, 5.0 |
| 2018-06-27 | CVE-2018-1553 | Information Exposure vulnerability in IBM Websphere Application Server. IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. | network, low complexity, ibm CWE-200, 5.0 |
| 2018-06-27 | CVE-2018-1543 | Improper Certificate Validation vulnerability in IBM Websphere MQ 8.0/9.0. IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. | network, ibm CWE-295, 4.3 |
| 2018-06-26 | CVE-2018-1614 | Information Exposure vulnerability in IBM Websphere Application Server. IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. | network, low complexity, ibm CWE-200, 5.0 |
| 2018-06-26 | CVE-2018-1374 | Improper Input Validation vulnerability in IBM Websphere MQ. An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. | network, low complexity, ibm CWE-20, 4.0 |
| 2018-06-13 | CVE-2018-1431 | Unspecified vulnerability in IBM General Parallel File System and Spectrum Scale. A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. | local, low complexity, ibm, 4.6 |
| 2018-06-13 | CVE-2018-1393 | Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.6.0. IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. | network, low complexity, ibm CWE-200, 4.0 |
| 2018-06-08 | CVE-2018-1453 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Identity Manager 7.0/7.0.1. IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. | network, low complexity, ibm CWE-434, 6.5 |
| 2018-06-08 | CVE-2017-1405 | Insufficient Verification of Data Authenticity vulnerability in IBM Security Identity Manager 7.0/7.0.1. IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. | network, low complexity, ibm CWE-345, 4.0 |
| 2018-06-07 | CVE-2018-1547 | Unspecified vulnerability in IBM Robotic Process Automation With Automation Anywhere 10.0. IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in a CSV export. | network, high complexity, ibm, 5.1 |