| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |

| 26701 | CVE-2017-1194 | 352 | | CSRF | 2017-04-28 | 2017-07-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.

| 26702 | CVE-2017-1193 | 200 | | +Info | 2017-06-23 | 2017-06-26 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow a user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667.

| 26703 | CVE-2017-1192 | 611 | | | 2017-08-10 | 2018-02-01 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663.

| 26704 | CVE-2017-1191 | | | | 2017-12-27 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.

| 26705 | CVE-2017-1190 | | | Exec Code | 2017-08-14 | 2019-10-02 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559.

| 26706 | CVE-2017-1189 | 79 | | XSS | 2017-09-07 | 2017-09-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558.

| 26707 | CVE-2017-1183 | 89 | | Sql | 2017-07-17 | 2017-07-20 | 5.4 | None | Local Network | Medium | Not required | Partial | Partial | Partial |
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494.

| 26708 | CVE-2017-1182 | | | Exec Code | 2017-07-17 | 2019-10-02 | 5.4 | None | Local Network | Medium | Not required | Partial | Partial | Partial |
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123493.

| 26709 | CVE-2017-1181 | 319 | | +Priv | 2017-07-17 | 2019-10-02 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487.

| 26710 | CVE-2017-1180 | | | | 2017-04-05 | 2019-10-02 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084.

| 26711 | CVE-2017-1179 | 326 | | | 2017-06-08 | 2017-06-15 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.

| 26712 | CVE-2017-1178 | 79 | | XSS | 2017-06-07 | 2017-06-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430.

| 26713 | CVE-2017-1177 | 200 | | +Info | 2019-02-05 | 2019-10-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429.

| 26714 | CVE-2017-1176 | 200 | | +Info | 2017-07-05 | 2017-07-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299.

| 26715 | CVE-2017-1174 | 89 | | Sql | 2017-08-10 | 2017-08-20 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296.

| 26716 | CVE-2017-1171 | | | | 2017-03-31 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None |
The IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083.

| 26717 | CVE-2017-1170 | | | | 2017-04-26 | 2019-10-02 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.

| 26718 | CVE-2017-1169 | 79 | | XSS | 2017-10-25 | 2017-11-13 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
IBM DOORS Next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188.

| 26719 | CVE-2017-1168 | 79 | | XSS | 2017-08-10 | 2017-08-18 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123187.

| 26720 | CVE-2017-1164 | 79 | | XSS | 2017-10-25 | 2017-11-13 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036.

| 26721 | CVE-2017-1162 | 200 | | +Info | 2017-09-12 | 2017-09-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957.

| 26722 | CVE-2017-1160 | 79 | | XSS | 2017-04-17 | 2017-04-24 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892.

| 26723 | CVE-2017-1159 | 601 | | +Info | 2017-05-22 | 2017-06-02 | 4.9 | None | Remote | Medium | Single system | Partial | Partial | None |
IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891.

| 26724 | CVE-2017-1157 | 200 | | +Info | 2017-07-05 | 2017-07-18 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788.

| 26725 | CVE-2017-1156 | 601 | | +Info | 2017-05-05 | 2019-10-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122592.

| 26726 | CVE-2017-1155 | 200 | | +Info | 2017-03-20 | 2017-03-23 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754.

| 26727 | CVE-2017-1154 | 200 | | +Info | 2017-03-31 | 2017-04-04 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892.

| 26728 | CVE-2017-1153 | | | | 2017-03-27 | 2019-10-02 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.

| 26729 | CVE-2017-1152 | 384 | | | 2017-04-14 | 2017-06-23 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.

| 26730 | CVE-2017-1151 | | | +Priv | 2017-03-20 | 2019-10-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.

| 26731 | CVE-2017-1150 | 269 | | | 2017-03-08 | 2019-10-02 | 3.5 | None | Remote | Medium | Single system | Partial | None | None |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.

| 26732 | CVE-2017-1148 | 200 | | +Info | 2017-11-01 | 2017-11-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.

| 26733 | CVE-2017-1147 | 79 | | XSS | 2017-11-01 | 2017-11-16 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200.

| 26734 | CVE-2017-1146 | 79 | | XSS | 2017-03-20 | 2017-03-23 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736.

| 26735 | CVE-2017-1144 | 426 | | | 2017-07-05 | 2017-07-18 | 1.9 | None | Local | Medium | Not required | None | None | Partial |
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.

| 26736 | CVE-2017-1143 | 200 | | +Info | 2017-03-27 | 2017-03-31 | 3.5 | None | Remote | Medium | Single system | Partial | None | None |
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Reference #: 1998874.

| 26737 | CVE-2017-1142 | 200 | | +Info | 2017-03-27 | 2017-03-31 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874.

| 26738 | CVE-2017-1141 | 200 | | +Info | 2017-04-28 | 2017-05-10 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907.

| 26739 | CVE-2017-1140 | 79 | | XSS | 2017-06-08 | 2017-06-13 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

| 26740 | CVE-2017-1137 | | | +Info | 2017-05-10 | 2019-10-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.

| 26741 | CVE-2017-1133 | 79 | | XSS | 2017-03-07 | 2017-03-31 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.

| 26742 | CVE-2017-1132 | 79 | | XSS | 2017-06-23 | 2017-06-26 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121418.

| 26743 | CVE-2017-1131 | 200 | | +Info | 2017-06-23 | 2017-06-26 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375.

| 26744 | CVE-2017-1130 | | | DoS | 2017-09-05 | 2019-10-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client to hang and have to be restarted. IBM X-Force ID: 121371.

| 26745 | CVE-2017-1129 | | | DoS | 2017-09-05 | 2019-10-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.

| 26746 | CVE-2017-1128 | 79 | | XSS | 2017-02-08 | 2017-02-15 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

| 26747 | CVE-2017-1127 | 79 | | XSS | 2017-02-08 | 2017-02-15 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

| 26748 | CVE-2017-1126 | 200 | | +Info | 2017-10-03 | 2017-10-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.

| 26749 | CVE-2017-1125 | 200 | | +Info | 2017-06-07 | 2017-06-12 | 2.1 | None | Local | Low | Not required | Partial | None | None |
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose partial contents of a file. IBM X-Force ID: 121340.

| 26750 | CVE-2017-1124 | 200 | | +Info | 2017-03-07 | 2017-03-09 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053.