CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1251 CVE-2018-2471 200 +Info 2018-10-09 2018-11-23
5.0
None Remote Low Not required Partial None None
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.
1252 CVE-2018-2470 79 XSS 2018-10-09 2018-11-26
4.3
None Remote Medium Not required None Partial None
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
1253 CVE-2018-2469 200 +Info 2018-10-09 2018-11-23
5.0
None Remote Low Not required Partial None None
Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.
1254 CVE-2018-2468 200 +Info 2018-10-09 2018-11-23
5.0
None Remote Low Not required Partial None None
Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.
1255 CVE-2018-2467 200 +Info 2018-10-09 2019-01-04
5.0
None Remote Low Not required Partial None None
In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server.
1256 CVE-2018-2466 79 XSS 2018-10-09 2018-11-23
3.5
None Remote Medium Single system None Partial None
In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.
1257 CVE-2018-1851 502 Exec Code 2018-10-31 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999.
1258 CVE-2018-1850 2018-10-22 2019-10-09
8.5
None Remote Medium Single system Complete Complete Complete
IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.
1259 CVE-2018-1844 611 2018-10-12 2019-10-09
5.5
None Remote Low Single system Partial None Partial
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904.
1260 CVE-2018-1838 200 +Info 2018-10-12 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811.
1261 CVE-2018-1822 287 Bypass 2018-10-18 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.
1262 CVE-2018-1819 89 Sql 2018-10-04 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 150023.
1263 CVE-2018-1812 79 XSS 2018-10-05 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in a victim's web browser within the security context of the hosting Web site, once victim opens a certain page in Control Room. IBM X-Force ID: 149883.
1264 CVE-2018-1795 79 XSS 2018-10-05 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149073.
1265 CVE-2018-1794 79 XSS 2018-10-03 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148949.
1266 CVE-2018-1793 79 XSS 2018-10-03 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148948.
1267 CVE-2018-1783 668 2018-10-05 2019-10-02
2.1
None Local Low Not required None None Partial
IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.
1268 CVE-2018-1777 79 XSS 2018-10-16 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148800.
1269 CVE-2018-1770 22 Dir. Trav. 2018-10-12 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148686.
1270 CVE-2018-1767 79 XSS 2018-10-29 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148621.
1271 CVE-2018-1766 79 XSS 2018-10-29 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148620.
1272 CVE-2018-1753 200 +Info 2018-10-08 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 148514.
1273 CVE-2018-1750 732 2018-10-08 2019-10-09
5.5
None Remote Low Single system Partial Partial None
IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 148511.
1274 CVE-2018-1749 20 Bypass 2018-10-08 2019-10-09
4.0
None Remote Low Single system None Partial None
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484.
1275 CVE-2018-1747 611 2018-10-15 2019-10-09
5.5
None Remote Low Single system Partial None Partial
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428.
1276 CVE-2018-1745 287 2018-10-11 2019-10-09
7.8
None Remote Low Not required None None Complete
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424.
1277 CVE-2018-1744 22 Dir. Trav. 2018-10-15 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423.
1278 CVE-2018-1743 200 +Info 2018-10-08 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 148422.
1279 CVE-2018-1742 798 2018-10-08 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421.
1280 CVE-2018-1741 20 DoS 2018-10-08 2019-10-09
6.4
None Remote Low Not required None Partial Partial
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to cause a denial of service, compromise program logic or other consequences. IBM X-Force ID: 148420.
1281 CVE-2018-1738 287 +Info 2018-10-11 2019-10-09
5.5
None Remote Low Single system Partial Partial None
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907.
1282 CVE-2018-1724 732 2018-10-11 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings. IBM X-Force ID: 147439.
1283 CVE-2018-1723 200 +Info 2018-10-05 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.
1284 CVE-2018-1708 200 +Info 2018-10-11 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343.
1285 CVE-2018-1706 79 XSS 2018-10-11 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341.
1286 CVE-2018-1692 79 XSS 2018-10-02 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145583.
1287 CVE-2018-1691 79 XSS 2018-10-02 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145582.
1288 CVE-2018-1686 79 XSS 2018-10-05 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505.
1289 CVE-2018-1673 79 XSS 2018-10-12 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108.
1290 CVE-2018-1672 287 2018-10-01 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.
1291 CVE-2018-1670 200 +Info 2018-10-04 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. IBM X-Force ID: 144946.
1292 CVE-2018-1649 22 Dir. Trav. 2018-10-05 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144655.
1293 CVE-2018-1647 770 DoS 2018-10-05 2019-10-09
5.0
None Remote Low Not required None None Partial
IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. IBM X-Force ID: 144650.
1294 CVE-2018-1605 79 XSS 2018-10-02 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143795.
1295 CVE-2018-1604 79 XSS 2018-10-04 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143794.
1296 CVE-2018-1603 79 XSS 2018-10-04 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143793.
1297 CVE-2018-1602 79 XSS 2018-10-04 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143792.
1298 CVE-2018-1601 79 XSS 2018-10-02 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143791.
1299 CVE-2018-1593 326 2018-10-02 2019-10-09
5.0
None Remote Low Not required None Partial None
IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568.
1300 CVE-2018-1558 79 XSS 2018-10-02 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956.
Total number of vulnerabilities : 1473   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 (This Page)27 28 29 30
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.