Vulnerabilities > IBM > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2017-11-27 | CVE-2017-1240 | Information Exposure vulnerability in IBM products | IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. | ibm | CWE-200 | network, low complexity, 4.0 |
| 2017-11-27 | CVE-2016-6024 | Information Exposure vulnerability in IBM products | IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. | ibm | CWE-200 | network, low complexity, 4.0 |
| 2017-11-13 | CVE-2017-1477 | XXE vulnerability in IBM Security Access Manager 9.0 Firmware 9.0.3.0 | IBM Security Access Manager Appliance 9.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | ibm | CWE-611 | network, low complexity, 5.5 |
| 2017-11-13 | CVE-2017-1229 | Information Exposure vulnerability in IBM Bigfix Platform 9.2/9.5 | IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | ibm | CWE-200 | network, 4.3 |
| 2017-11-13 | CVE-2017-1221 | Weak Password Requirements vulnerability in IBM Bigfix Platform 9.2/9.5 | IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ibm | CWE-521 | network, low complexity, 5.0 |
| 2017-11-01 | CVE-2017-1552 | Cross-site Scripting vulnerability in IBM Infosphere Biginsights 4.2.0/4.2.5 | IBM Infosphere BigInsights 4.2.0 and 4.2.5 are vulnerable to link injection. | ibm | CWE-79 | network, 4.9 |
| 2017-11-01 | CVE-2017-1340 | Information Exposure vulnerability in IBM Jazz Reporting Service 6.0.4 | IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. | ibm | CWE-200 | network, low complexity, 4.0 |
| 2017-11-01 | CVE-2017-1333 | Information Exposure vulnerability in IBM Openpages GRC Platform | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. | ibm | CWE-200 | network, low complexity, 5.0 |
| 2017-11-01 | CVE-2017-1300 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages GRC Platform | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ibm | CWE-352 | network, 6.8 |
| 2017-11-01 | CVE-2017-1148 | Information Exposure vulnerability in IBM Openpages GRC Platform | IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. | ibm | CWE-200 | network, low complexity, 5.0 |