Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-27 | CVE-2013-5461 | Credentials Management vulnerability in IBM products. IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. | 4.0 |
2018-04-27 | CVE-2018-1479 | Cross-Site Request Forgery (CSRF) vulnerability in IBM BigFix Platform. IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
2018-04-27 | CVE-2018-1475 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM BigFix Platform. IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 5.0 |
2018-04-27 | CVE-2018-1473 | Cross-site Scripting vulnerability in IBM BigFix Platform. IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. | 4.3 |
2018-04-27 | CVE-2017-1116 | Information Exposure vulnerability in IBM Campaign. IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. | 4.0 |
2018-04-26 | CVE-2018-1418 | Improper Authentication vulnerability in IBM QRadar Security Information and Event Manager. IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. | 6.5 |
2018-04-26 | CVE-2017-1723 | Path Traversal vulnerability in IBM products. IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. | 4.0 |
2018-04-26 | CVE-2017-1722 | SQL Injection vulnerability in IBM QRadar Security Information and Event Manager. IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. | 6.5 |
2018-04-26 | CVE-2017-1721 | Code Injection vulnerability in IBM QRadar Security Information and Event Manager. IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. | 6.8 |
2018-04-25 | CVE-2014-0882 | Information Exposure vulnerability in IBM Integrated Management Module Firmware. Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). | 4.0 |