Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-20 | CVE-2014-0912 | Information Exposure vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. | 5.0 |
| 2018-04-20 | CVE-2014-0883 | Cross-site Scripting vulnerability in IBM Power Hardware Management Console IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. | 6.1 |
| 2018-04-20 | CVE-2014-6112 | Information Exposure vulnerability in IBM Security Identity Manager and Tivoli Identity Manager IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. | 4.3 |
| 2018-04-20 | CVE-2014-6108 | Information Exposure vulnerability in IBM Security Identity Manager and Tivoli Identity Manager IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. | 4.3 |
| 2018-04-20 | CVE-2014-4782 | Information Exposure vulnerability in IBM Infosphere Biginsights 2.1.2 IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the Alert management service. | 4.0 |
| 2018-04-17 | CVE-2018-1371 | Unspecified vulnerability in IBM Websphere MQ 8.0.0.8/9.0.0.2/9.0.4 An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. | 4.0 |
| 2018-04-11 | CVE-2018-1483 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.5.0.0/9.0 IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. | 4.3 |
| 2018-04-10 | CVE-2015-0172 | Information Exposure vulnerability in IBM Security Siteprotector System 3.0/3.1.0.0/3.1.1.0 IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. | 5.0 |
| 2018-04-04 | CVE-2018-1447 | Use of Password Hash With Insufficient Computational Effort vulnerability in IBM products The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. | 5.0 |
| 2018-04-04 | CVE-2018-1421 | XXE vulnerability in IBM Datapower Gateway IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |