Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-27 | CVE-2017-1297 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM products IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. | 4.4 |
| 2017-06-27 | CVE-2016-9972 | Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
| 2017-06-27 | CVE-2016-9738 | 7PK - Security Features vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.0 |
| 2017-06-27 | CVE-2016-6083 | Information Exposure vulnerability in IBM Tivoli Monitoring IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. | 5.0 |
| 2017-06-23 | CVE-2017-1347 | SQL Injection vulnerability in IBM Sterling B2B Integrator 5.2 IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. | 6.5 |
| 2017-06-23 | CVE-2017-1193 | Information Exposure vulnerability in IBM Sterling B2B Integrator 5.2 IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. | 4.0 |
| 2017-06-23 | CVE-2017-1131 | Information Exposure vulnerability in IBM Sterling B2B Integrator 5.2 IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. | 4.0 |
| 2017-06-22 | CVE-2017-1326 | Improper Privilege Management vulnerability in IBM Sterling B2B Integrator 5.2 IBM Sterling File Gateway does not properly restrict user requests based on permission level. | 4.0 |
| 2017-06-22 | CVE-2016-9982 | Information Exposure vulnerability in IBM Sterling B2B Integrator 5.2 IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. | 4.0 |
| 2017-06-21 | CVE-2017-1304 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Elastic Storage Server IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file. | 4.6 |