| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1951 |
CVE-2018-2589 |
200 |
|
+Info |
2018-01-17 |
2018-01-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Server). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
|
1952 |
CVE-2018-2587 |
284 |
|
|
2018-04-18 |
2018-04-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N). |
|
1953 |
CVE-2018-2574 |
284 |
|
|
2018-01-17 |
2018-01-25 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Outlook Client). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Desktop. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM Desktop accessible data as well as unauthorized access to critical data or complete access to all Siebel CRM Desktop accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). |
|
1954 |
CVE-2018-2572 |
284 |
|
|
2018-04-18 |
2018-04-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). Supported versions that are affected are 6.1.1.6, 6.2.0.0 and 6.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile Product Lifecycle Management for Process, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). |
|
1955 |
CVE-2018-2571 |
284 |
|
|
2018-01-17 |
2018-02-14 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). |
|
1956 |
CVE-2018-2567 |
284 |
|
|
2018-01-17 |
2018-02-14 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.1.x, 7.2.4.2.x, 7.3.0.x.x and 7.3.0.1.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Order and Service Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). |
|
1957 |
CVE-2018-2564 |
284 |
|
|
2018-01-17 |
2018-01-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N). |
|
1958 |
CVE-2018-2561 |
|
|
DoS |
2018-01-17 |
2018-01-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
|
1959 |
CVE-2018-2471 |
200 |
|
+Info |
2018-10-09 |
2018-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. |
|
1960 |
CVE-2018-2469 |
200 |
|
+Info |
2018-10-09 |
2018-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. |
|
1961 |
CVE-2018-2468 |
200 |
|
+Info |
2018-10-09 |
2018-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. |
|
1962 |
CVE-2018-2465 |
20 |
|
|
2018-09-11 |
2018-11-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash. |
|
1963 |
CVE-2018-2463 |
918 |
|
|
2018-09-11 |
2018-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC. |
|
1964 |
CVE-2018-2459 |
254 |
|
|
2018-09-11 |
2018-11-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user. |
|
1965 |
CVE-2018-2458 |
200 |
|
+Info |
2018-09-11 |
2018-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. |
|
1966 |
CVE-2018-2448 |
200 |
|
+Info |
2018-08-14 |
2018-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted. |
|
1967 |
CVE-2018-2446 |
200 |
|
+Info |
2018-08-14 |
2018-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. |
|
1968 |
CVE-2018-2445 |
918 |
|
|
2018-08-14 |
2018-10-15 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. |
|
1969 |
CVE-2018-2441 |
20 |
|
|
2018-08-14 |
2018-10-11 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted. |
|
1970 |
CVE-2018-2438 |
399 |
|
|
2018-07-10 |
2018-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. |
|
1971 |
CVE-2018-2433 |
284 |
|
|
2018-07-10 |
2018-09-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. |
|
1972 |
CVE-2018-2428 |
200 |
|
+Info |
2018-06-12 |
2018-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00. |
|
1973 |
CVE-2018-2424 |
20 |
|
|
2018-06-12 |
2018-08-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00 |
|
1974 |
CVE-2018-2423 |
399 |
|
|
2018-05-09 |
2018-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. |
|
1975 |
CVE-2018-2422 |
399 |
|
|
2018-05-09 |
2018-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. |
|
1976 |
CVE-2018-2421 |
399 |
|
|
2018-05-09 |
2018-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. |
|
1977 |
CVE-2018-2419 |
264 |
|
|
2018-05-09 |
2018-06-14 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
|
1978 |
CVE-2018-2417 |
200 |
|
+Info |
2018-05-09 |
2018-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted. |
|
1979 |
CVE-2018-2400 |
200 |
|
+Info |
2018-03-14 |
2018-04-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP Business Process Automation (BPA) By Redwood, 9.00, 9.10, allows an attacker to access information which would otherwise be restricted. |
|
1980 |
CVE-2018-2398 |
200 |
|
+Info |
2018-03-14 |
2018-04-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted. |
|
1981 |
CVE-2018-2394 |
264 |
|
|
2018-02-14 |
2018-02-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files. |
|
1982 |
CVE-2018-2393 |
611 |
|
|
2018-02-14 |
2018-03-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. |
|
1983 |
CVE-2018-2392 |
611 |
|
|
2018-02-14 |
2018-03-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. |
|
1984 |
CVE-2018-2376 |
284 |
|
|
2018-02-14 |
2018-03-01 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. |
|
1985 |
CVE-2018-2375 |
284 |
|
|
2018-02-14 |
2018-03-01 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. |
|
1986 |
CVE-2018-2373 |
200 |
|
+Info |
2018-02-14 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0. |
|
1987 |
CVE-2018-2370 |
918 |
|
|
2018-02-14 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server. |
|
1988 |
CVE-2018-2369 |
200 |
|
+Info |
2018-02-14 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory. |
|
1989 |
CVE-2018-2362 |
200 |
|
+Info |
2018-01-09 |
2018-01-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname. |
|
1990 |
CVE-2018-2360 |
306 |
|
|
2018-01-09 |
2018-01-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. |
|
1991 |
CVE-2018-1920 |
611 |
|
|
2018-12-07 |
2018-12-10 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855. |
|
1992 |
CVE-2018-1905 |
611 |
|
|
2018-11-26 |
2018-12-10 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534. |
|
1993 |
CVE-2018-1878 |
200 |
|
+Info |
2018-11-02 |
2018-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714. |
|
1994 |
CVE-2018-1846 |
611 |
|
|
2018-11-02 |
2018-12-10 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945. |
|
1995 |
CVE-2018-1844 |
611 |
|
|
2018-10-12 |
2018-11-28 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904. |
|
1996 |
CVE-2018-1785 |
326 |
|
|
2018-09-26 |
2018-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870. |
|
1997 |
CVE-2018-1757 |
200 |
|
+Info |
2018-09-07 |
2018-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601. |
|
1998 |
CVE-2018-1756 |
89 |
|
Sql |
2018-09-07 |
2018-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM X-Force ID: 148599. |
|
1999 |
CVE-2018-1750 |
275 |
|
|
2018-10-08 |
2018-11-28 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 148511. |
|
2000 |
CVE-2018-1747 |
611 |
|
|
2018-10-15 |
2018-11-30 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428. |
