Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-05 | CVE-2017-1458 | XXE vulnerability in IBM Qradar Network Security 5.4 IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2017-09-05 | CVE-2017-1457 | Cross-site Scripting vulnerability in IBM Qradar Network Security 5.4 IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. | 4.3 |
| 2017-09-05 | CVE-2017-1130 | Unspecified vulnerability in IBM Inotes IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. network ibm | 4.3 |
| 2017-09-05 | CVE-2017-1129 | Unspecified vulnerability in IBM Expeditor and Inotes IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. network ibm | 4.3 |
| 2017-09-05 | CVE-2017-1097 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2017-08-31 | CVE-2017-1450 | Open Redirect vulnerability in IBM Emptoris Sourcing IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.8 |
| 2017-08-31 | CVE-2017-1449 | Open Redirect vulnerability in IBM Emptoris Sourcing IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 4.9 |
| 2017-08-30 | CVE-2017-1443 | Cross-site Scripting vulnerability in IBM Emptoris Services Procurement IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. | 4.3 |
| 2017-08-30 | CVE-2017-1442 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Services Procurement IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2017-08-30 | CVE-2017-1440 | Code Injection vulnerability in IBM Emptoris Services Procurement IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. | 6.5 |