Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-02 | CVE-2017-1495 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. | 4.0 |
| 2017-08-02 | CVE-2017-1468 | Unspecified vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. | 4.6 |
| 2017-08-02 | CVE-2017-1467 | Unspecified vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. network ibm | 6.8 |
| 2017-08-02 | CVE-2017-1383 | XXE vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2017-08-02 | CVE-2017-1118 | Unspecified vulnerability in IBM Websphere MQ Internet Pass-Thru 2.0/2.1 IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker to cause the MQIPT to stop responding due to an incorrectly configured security policy. | 5.0 |
| 2017-08-02 | CVE-2016-9981 | Session Fixation vulnerability in IBM Security Appscan IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. | 6.8 |
| 2017-08-01 | CVE-2017-1500 | Cross-site Scripting vulnerability in IBM Mobilefirst Platform Foundation and Worklight A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. | 4.3 |
| 2017-07-31 | CVE-2017-1460 | Improper Input Validation vulnerability in IBM I IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. | 5.0 |
| 2017-07-31 | CVE-2017-1386 | Weak Password Requirements vulnerability in IBM API Connect and API Management IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. | 4.3 |
| 2017-07-31 | CVE-2017-1370 | Information Exposure Through an Error Message vulnerability in IBM Jazz Reporting Service IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. | 4.0 |