Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-03-02 | CVE-2018-1373 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium Big Data Intelligence 3.1 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 5.0 |
2018-02-28 | CVE-2016-0299 | Information Exposure vulnerability in IBM TRIRIGA Application Platform | IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. | 5.0 |
2018-02-28 | CVE-2016-0295 | Cross-Site Request Forgery (CSRF) vulnerability in IBM BigFix Platform | Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.8 |
2018-02-27 | CVE-2018-1425 | Inadequate Encryption Strength vulnerability in IBM Security Guardium Big Data Intelligence 3.1 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 4.3 |
2018-02-27 | CVE-2018-1416 | Cross-site Scripting vulnerability in IBM WebSphere Portal | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 4.3 |
2018-02-27 | CVE-2018-1372 | Weak Password Requirements vulnerability in IBM Security Guardium Big Data Intelligence 3.1 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.0 |
2018-02-26 | CVE-2017-1774 | Information Exposure vulnerability in IBM Security Guardium Big Data Intelligence 3.1 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sensitive information to unauthorized users. | 5.0 |
2018-02-22 | CVE-2018-1417 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Java SDK | Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. | 6.8 |
2018-02-22 | CVE-2018-1414 | SQL Injection vulnerability in IBM products | IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. | 6.5 |
2018-02-22 | CVE-2018-1391 | Unspecified vulnerability in IBM Financial Transaction Manager 3.0.4.0/3.1.0.0 | IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. | 4.0 |