Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-07 | CVE-2017-1356 | SQL Injection vulnerability in IBM Atlas Ediscovery Process Management IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. | 6.5 |
| 2017-12-07 | CVE-2017-1355 | Information Exposure vulnerability in IBM Atlas Ediscovery Process Management IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. | 4.3 |
| 2017-12-07 | CVE-2017-1342 | Information Exposure vulnerability in IBM Insights Foundation for Energy 2.0 IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. | 4.0 |
| 2017-12-07 | CVE-2017-1341 | Unspecified vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. network ibm | 4.3 |
| 2017-12-07 | CVE-2017-1271 | Inadequate Encryption Strength vulnerability in IBM Security Guardium 9.0/9.1/9.5 IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. | 5.0 |
| 2017-11-27 | CVE-2017-1628 | Incorrect Authorization vulnerability in IBM Business Process Manager 8.6.0.0 IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. | 4.0 |
| 2017-11-27 | CVE-2017-1570 | Information Exposure vulnerability in IBM products IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. | 4.0 |
| 2017-11-27 | CVE-2017-1484 | Information Exposure vulnerability in IBM Websphere Commerce IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. | 4.0 |
| 2017-11-27 | CVE-2017-1283 | Missing Release of Resource after Effective Lifetime vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. | 4.0 |
| 2017-11-27 | CVE-2017-1251 | Information Exposure vulnerability in IBM products An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. | 4.0 |