CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5701 CVE-2017-2102 352 CSRF 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5702 CVE-2017-2100 20 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors.
5703 CVE-2017-2099 284 Exec Code 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors.
5704 CVE-2017-2097 352 CSRF 2017-04-28 2017-05-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5705 CVE-2017-1794 264 DoS 2018-09-19 2018-11-23
6.0
None Remote Medium Single system Partial Partial Partial
IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.
5706 CVE-2017-1769 352 CSRF 2018-01-24 2018-02-08
6.8
None Remote Medium Not required Partial Partial Partial
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.
5707 CVE-2017-1757 89 Sql 2017-12-20 2018-01-03
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.
5708 CVE-2017-1746 352 CSRF 2017-12-20 2018-01-05
6.8
None Remote Medium Not required Partial Partial Partial
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.
5709 CVE-2017-1731 264 +Priv 2018-01-30 2018-02-14
6.5
None Remote Low Single system Partial Partial Partial
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges.
5710 CVE-2017-1722 89 Sql 2018-04-26 2018-05-25
6.5
None Remote Low Single system Partial Partial Partial
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811.
5711 CVE-2017-1721 94 Exec Code 2018-04-26 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.
5712 CVE-2017-1711 426 2018-02-13 2018-03-13
6.8
None Remote Medium Not required Partial Partial Partial
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.
5713 CVE-2017-1693 613 2018-01-19 2018-02-05
6.8
None Remote Medium Not required Partial Partial Partial
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.
5714 CVE-2017-1672 352 CSRF 2018-01-04 2018-01-16
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.
5715 CVE-2017-1631 352 CSRF 2017-12-20 2018-01-05
6.8
None Remote Medium Not required Partial Partial Partial
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.
5716 CVE-2017-1606 89 Sql 2017-12-11 2017-12-26
6.5
None Remote Low Single system Partial Partial Partial
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926.
5717 CVE-2017-1539 264 +Priv 2017-09-26 2017-09-29
6.5
None Remote Low Single system Partial Partial Partial
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.
5718 CVE-2017-1508 264 +Priv 2017-09-13 2017-09-27
6.8
None Local Low Single system Complete Complete Complete
IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620.
5719 CVE-2017-1499 434 Exec Code 2018-02-14 2018-03-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.
5720 CVE-2017-1467 264 2017-08-02 2017-08-03
6.8
None Remote Medium Not required Partial Partial Partial
A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466.
5721 CVE-2017-1442 352 CSRF 2017-08-30 2017-09-02
6.8
None Remote Medium Not required Partial Partial Partial
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107.
5722 CVE-2017-1440 284 Exec Code 2017-08-30 2017-09-02
6.5
None Remote Low Single system Partial Partial Partial
IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105.
5723 CVE-2017-1383 611 2017-08-02 2017-08-04
6.4
None Remote Low Not required Partial None Partial
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.
5724 CVE-2017-1373 284 2017-07-21 2017-07-25
6.5
None Remote Low Single system Partial Partial Partial
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866.
5725 CVE-2017-1371 284 2017-07-21 2017-07-25
6.5
None Remote Low Single system Partial Partial Partial
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864.
5726 CVE-2017-1356 89 Sql 2017-12-07 2017-12-19
6.5
None Remote Low Single system Partial Partial Partial
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683.
5727 CVE-2017-1352 77 Exec Code 2017-09-12 2017-09-21
6.0
None Remote Medium Single system Partial Partial Partial
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
5728 CVE-2017-1347 89 Sql 2017-06-23 2017-06-26
6.5
None Remote Low Single system Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.
5729 CVE-2017-1322 611 2017-06-27 2017-07-05
6.4
None Remote Low Not required Partial None Partial
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918.
5730 CVE-2017-1311 89 Sql 2017-10-02 2017-10-11
6.5
None Remote Low Single system Partial Partial Partial
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.
5731 CVE-2017-1300 352 CSRF 2017-11-01 2017-11-24
6.8
None Remote Medium Not required Partial Partial Partial
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.
5732 CVE-2017-1289 611 2017-05-22 2018-01-04
6.4
None Remote Low Not required Partial None Partial
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
5733 CVE-2017-1274 119 Exec Code Overflow 2017-04-25 2019-05-10
6.5
None Remote Low Single system Partial Partial Partial
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.
5734 CVE-2017-1258 287 2017-07-05 2017-07-14
6.4
None Remote Low Not required Partial Partial None
IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685
5735 CVE-2017-1253 78 Exec Code 2017-07-05 2017-07-17
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.
5736 CVE-2017-1222 287 2017-10-26 2017-10-31
6.4
None Remote Low Not required Partial Partial None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862.
5737 CVE-2017-1218 352 CSRF 2017-07-19 2017-10-26
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858.
5738 CVE-2017-1194 352 CSRF 2017-04-28 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
5739 CVE-2017-1192 611 2017-08-10 2018-02-01
6.4
None Remote Low Not required Partial None Partial
IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663.
5740 CVE-2017-1190 77 Exec Code 2017-08-14 2017-08-20
6.2
None Local High Not required Complete Complete Complete
IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559.
5741 CVE-2017-1174 89 Sql 2017-08-10 2017-08-20
6.5
None Remote Low Single system Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296.
5742 CVE-2017-1156 284 +Info 2017-05-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592
5743 CVE-2017-1153 284 2017-03-27 2017-03-30
6.5
None Remote Low Single system Partial Partial Partial
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.
5744 CVE-2017-1151 264 +Priv 2017-03-20 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.
5745 CVE-2017-1137 284 +Info 2017-05-10 2017-07-07
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.
5746 CVE-2017-1122 77 Exec Code 2017-04-20 2017-07-10
6.9
None Local Medium Not required Complete Complete Complete
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174.
5747 CVE-2017-1097 352 CSRF 2017-09-05 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.
5748 CVE-2017-0926 285 2018-03-21 2018-04-13
6.5
None Remote Low Single system Partial Partial Partial
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.
5749 CVE-2017-0921 640 2018-07-03 2018-09-04
6.8
None Remote Medium Not required Partial Partial Partial
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
5750 CVE-2017-0918 22 Exec Code Dir. Trav. 2018-03-21 2018-04-20
6.5
None Remote Low Single system Partial Partial Partial
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.