Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-03 | CVE-2017-1569 | Unspecified vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. | 5.0 |
| 2017-10-03 | CVE-2017-1311 | SQL Injection vulnerability in IBM Insights Foundation for Energy 2.0 IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. | 6.5 |
| 2017-09-28 | CVE-2017-1591 | Cross-site Scripting vulnerability in IBM Datapower Gateway IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. | 4.3 |
| 2017-09-28 | CVE-2017-1577 | Path Traversal vulnerability in IBM Websphere Portal IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. | 5.0 |
| 2017-09-26 | CVE-2017-1539 | Unspecified vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. | 6.5 |
| 2017-09-25 | CVE-2017-1555 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. | 4.0 |
| 2017-09-25 | CVE-2017-1551 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. | 5.8 |
| 2017-09-25 | CVE-2017-1235 | Unspecified vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. | 4.0 |
| 2017-09-20 | CVE-2015-0162 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Siteprotector System 3.0/3.1.0.0/3.1.1.0 IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. | 6.9 |
| 2017-09-18 | CVE-2014-6106 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. | 6.8 |