| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
26451 |
CVE-2017-1545 |
|
|
|
2018-01-26 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914. |
|
26452 |
CVE-2017-1544 |
200 |
|
+Info |
2018-07-20 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812. |
|
26453 |
CVE-2017-1540 |
79 |
|
XSS |
2018-01-26 |
2018-02-08 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808. |
|
26454 |
CVE-2017-1539 |
|
|
+Priv |
2017-09-26 |
2019-10-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807. |
|
26455 |
CVE-2017-1538 |
200 |
|
+Info |
2017-10-10 |
2017-10-23 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. |
|
26456 |
CVE-2017-1536 |
79 |
|
XSS |
2017-12-11 |
2017-12-27 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733. |
|
26457 |
CVE-2017-1535 |
79 |
|
XSS |
2017-08-29 |
2017-09-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677. |
|
26458 |
CVE-2017-1534 |
601 |
|
+Info |
2018-01-10 |
2018-01-30 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676. |
|
26459 |
CVE-2017-1533 |
79 |
|
XSS |
2018-01-10 |
2018-01-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130675. |
|
26460 |
CVE-2017-1532 |
79 |
|
XSS |
2018-01-26 |
2018-02-08 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411. |
|
26461 |
CVE-2017-1531 |
79 |
|
XSS |
2017-09-26 |
2017-09-29 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410. |
|
26462 |
CVE-2017-1530 |
79 |
|
XSS |
2017-09-26 |
2017-09-29 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130409. |
|
26463 |
CVE-2017-1524 |
200 |
|
+Info |
2018-03-23 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970. |
|
26464 |
CVE-2017-1523 |
306 |
|
|
2017-10-24 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892. |
|
26465 |
CVE-2017-1522 |
79 |
|
XSS |
2017-10-05 |
2017-10-25 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129832. |
|
26466 |
CVE-2017-1521 |
79 |
|
XSS |
2017-10-26 |
2017-10-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129831. |
|
26467 |
CVE-2017-1520 |
287 |
|
|
2017-09-12 |
2017-09-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830. |
|
26468 |
CVE-2017-1519 |
20 |
|
DoS |
2017-09-12 |
2017-09-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829. |
|
26469 |
CVE-2017-1516 |
20 |
|
|
2018-01-26 |
2018-02-08 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826. |
|
26470 |
CVE-2017-1515 |
200 |
|
+Info |
2018-01-26 |
2018-02-08 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825. |
|
26471 |
CVE-2017-1509 |
200 |
|
+Info |
2018-07-06 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719. |
|
26472 |
CVE-2017-1508 |
|
|
+Priv |
2017-09-13 |
2019-10-02 |
6.8 |
None |
Local |
Low |
Single system |
Complete |
Complete |
Complete |
|
IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620. |
|
26473 |
CVE-2017-1507 |
200 |
|
+Info |
2017-12-11 |
2017-12-26 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. |
|
26474 |
CVE-2017-1506 |
79 |
|
XSS |
2018-01-26 |
2018-02-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129617. |
|
26475 |
CVE-2017-1504 |
|
|
|
2017-08-03 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579. |
|
26476 |
CVE-2017-1503 |
79 |
|
XSS Http R.Spl. +Info |
2017-10-10 |
2017-11-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. |
|
26477 |
CVE-2017-1502 |
79 |
|
XSS |
2017-09-07 |
2017-09-19 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577. |
|
26478 |
CVE-2017-1501 |
200 |
|
+Info |
2017-08-18 |
2017-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. |
|
26479 |
CVE-2017-1500 |
79 |
|
XSS |
2017-08-01 |
2017-08-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get an HTTP 403 Forbidden response and the value will be reflected in the body of the HTTP response. By setting it to arbitrary JavaScript code it is possible to modify the flow of the authorization function, potentially leading to credential disclosure within a trusted session. |
|
26480 |
CVE-2017-1499 |
434 |
|
Exec Code |
2018-02-14 |
2018-03-09 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106. |
|
26481 |
CVE-2017-1498 |
79 |
|
XSS |
2017-12-07 |
2017-12-19 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020. |
|
26482 |
CVE-2017-1497 |
200 |
|
+Info |
2017-12-07 |
2017-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695. |
|
26483 |
CVE-2017-1496 |
79 |
|
XSS |
2017-07-31 |
2017-08-03 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128694. |
|
26484 |
CVE-2017-1495 |
119 |
|
Overflow |
2017-08-02 |
2017-08-03 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID: 128693. |
|
26485 |
CVE-2017-1494 |
79 |
|
XSS |
2017-12-20 |
2019-04-26 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692. |
|
26486 |
CVE-2017-1493 |
269 |
|
|
2018-01-09 |
2019-10-02 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691. |
|
26487 |
CVE-2017-1491 |
|
|
|
2017-09-05 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 128689. |
|
26488 |
CVE-2017-1490 |
200 |
|
+Info |
2017-09-14 |
2017-09-23 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. |
|
26489 |
CVE-2017-1489 |
601 |
|
|
2017-08-28 |
2017-09-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. |
|
26490 |
CVE-2017-1488 |
200 |
|
+Info |
2018-07-06 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627. |
|
26491 |
CVE-2017-1487 |
200 |
|
+Info |
2017-12-07 |
2017-12-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626. |
|
26492 |
CVE-2017-1486 |
79 |
|
XSS |
2018-04-23 |
2018-05-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128624. |
|
26493 |
CVE-2017-1485 |
79 |
|
XSS |
2017-08-29 |
2017-09-01 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623. |
|
26494 |
CVE-2017-1484 |
200 |
|
+Info |
2017-11-27 |
2017-12-15 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622. |
|
26495 |
CVE-2017-1482 |
79 |
|
XSS |
2017-12-07 |
2017-12-19 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620. |
|
26496 |
CVE-2017-1481 |
200 |
|
+Info |
2017-12-07 |
2017-12-19 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619. |
|
26497 |
CVE-2017-1480 |
532 |
|
|
2018-06-06 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617. |
|
26498 |
CVE-2017-1478 |
200 |
|
+Info |
2018-01-11 |
2018-02-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613. |
|
26499 |
CVE-2017-1477 |
611 |
|
|
2017-11-13 |
2017-11-30 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612. |
|
26500 |
CVE-2017-1476 |
200 |
|
+Info |
2018-06-06 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610. |
