Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-04 CVE-2017-1772 Cross-site Scripting vulnerability in IBM MobileFirst Platform Foundation
IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting.
network | ibm CWE-79 | 4.3

2018-04-04 CVE-2017-1624 Incorrect Permission Assignment for Critical Resource vulnerability in IBM QRadar Security Information and Event Manager 7.3.0/7.3.1
IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
network | low complexity | ibm CWE-732 | 5.5

2018-04-03 CVE-2018-8049 Improper Input Validation vulnerability in Unisys Stealth SVG 2.8
The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets.
network | low complexity | unisys ibm linux CWE-20 | 5.0

2018-04-03 CVE-2015-1975 Injection vulnerability in IBM Tivoli Directory Server
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection.
local | low complexity | ibm CWE-74 | 4.6

2018-03-30 CVE-2017-1766 Incorrect Authorization vulnerability in IBM Business Process Manager
Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to.
network | low complexity | ibm CWE-863 | 4.0

2018-03-30 CVE-2017-1765 Information Exposure vulnerability in IBM products
IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server.
network | low complexity | ibm CWE-200 | 4.0

2018-03-30 CVE-2017-1747 Improper Input Validation vulnerability in IBM WebSphere MQ
A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on.
network | low complexity | ibm CWE-20 | 4.0

2018-03-30 CVE-2017-1705 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.1.0
IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments.
network | low complexity | ibm CWE-200 | 4.0

2018-03-29 CVE-2015-4953 Inadequate Encryption Strength vulnerability in IBM BigFix Remote Control 9.1.2
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol.
network | ibm CWE-326 | 5.8

2018-03-29 CVE-2015-4952 Unspecified vulnerability in IBM Endpoint Manager for Remote Control 9.0.1/9.1.0
The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
network | ibm | 6.8