Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-25 | CVE-2018-1515 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 10.5/11.1 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. | 4.4 |
| 2018-05-25 | CVE-2018-1467 | Information Exposure vulnerability in IBM Storwize Unified V7000 Software 1.6 The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. | 5.0 |
| 2018-05-25 | CVE-2018-1459 | Out-of-bounds Write vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. | 4.6 |
| 2018-05-25 | CVE-2017-1752 | Information Exposure vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. | 4.0 |
| 2018-05-24 | CVE-2013-3023 | Information Exposure vulnerability in IBM Tivoli Application Dependency Discovery Manager IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. | 4.3 |
| 2018-05-24 | CVE-2013-3018 | Information Exposure vulnerability in IBM Tivoli Application Dependency Discovery Manager The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. | 5.0 |
| 2018-05-22 | CVE-2018-1583 | Unspecified vulnerability in IBM Storediq 7.6.0 IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. | 5.5 |
| 2018-05-17 | CVE-2018-1464 | Information Exposure vulnerability in IBM products IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. | 4.0 |
| 2018-05-17 | CVE-2018-1463 | Incorrect Authorization vulnerability in IBM products IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. | 4.0 |
| 2018-05-17 | CVE-2018-1462 | Incorrect Authorization vulnerability in IBM products IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. | 6.5 |