Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-29 | CVE-2015-2009 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Qradar Security Information and Event Manager Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. | 6.8 |
| 2018-03-27 | CVE-2015-5016 | Information Exposure vulnerability in IBM products IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. | 4.0 |
| 2018-03-27 | CVE-2015-4987 | Improper Authentication vulnerability in IBM Tealeaf Customer Experience The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. | 6.4 |
| 2018-03-27 | CVE-2015-4954 | Improper Certificate Validation vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors. | 4.3 |
| 2018-03-26 | CVE-2015-7424 | Information Exposure vulnerability in IBM Infosphere Master Data Management IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and 11.5 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information by leveraging Catalogs access. | 4.0 |
| 2018-03-26 | CVE-2015-7401 | Information Exposure vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. | 4.0 |
| 2018-03-26 | CVE-2015-5039 | Cryptographic Issues vulnerability in IBM Rational Clearcase The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. | 5.8 |
| 2018-03-23 | CVE-2017-1602 | Files or Directories Accessible to External Parties vulnerability in IBM products IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. | 4.0 |
| 2018-03-23 | CVE-2017-1524 | Information Exposure vulnerability in IBM products IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. | 4.0 |
| 2018-03-22 | CVE-2018-1426 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in IBM DB2 IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. | 6.4 |