CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4501 CVE-2017-1757 89 Sql 2017-12-20 2018-01-03
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.
4502 CVE-2017-1746 352 CSRF 2017-12-20 2018-01-05
6.8
None Remote Medium Not required Partial Partial Partial
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.
4503 CVE-2017-1731 264 +Priv 2018-01-30 2018-02-14
6.5
None Remote Low Single system Partial Partial Partial
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges.
4504 CVE-2017-1722 89 Sql 2018-04-26 2018-05-25
6.5
None Remote Low Single system Partial Partial Partial
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811.
4505 CVE-2017-1721 94 Exec Code 2018-04-26 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.
4506 CVE-2017-1711 426 2018-02-13 2018-03-13
6.8
None Remote Medium Not required Partial Partial Partial
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a Windows DLL in the temp directory. IBM X-Force ID: 134532.
4507 CVE-2017-1693 613 2018-01-19 2018-02-05
6.8
None Remote Medium Not required Partial Partial Partial
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session ID to hijack another user's session during a small timeframe before the session times out. IBM X-Force ID: 134164.
4508 CVE-2017-1672 352 CSRF 2018-01-04 2018-01-16
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.
4509 CVE-2017-1631 352 CSRF 2017-12-20 2018-01-05
6.8
None Remote Medium Not required Partial Partial Partial
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.
4510 CVE-2017-1606 89 Sql 2017-12-11 2017-12-26
6.5
None Remote Low Single system Partial Partial Partial
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926.
4511 CVE-2017-1539 264 +Priv 2017-09-26 2017-09-29
6.5
None Remote Low Single system Partial Partial Partial
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership, an attacker might gain privileged access. IBM X-Force ID: 130807.
4512 CVE-2017-1508 264 +Priv 2017-09-13 2017-09-27
6.8
None Local Low Single system Complete Complete Complete
IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620.
4513 CVE-2017-1499 434 Exec Code 2018-02-14 2018-03-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.
4514 CVE-2017-1467 264 2017-08-02 2017-08-03
6.8
None Remote Medium Not required Partial Partial Partial
A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466.
4515 CVE-2017-1442 352 CSRF 2017-08-30 2017-09-02
6.8
None Remote Medium Not required Partial Partial Partial
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107.
4516 CVE-2017-1440 284 Exec Code 2017-08-30 2017-09-02
6.5
None Remote Low Single system Partial Partial Partial
IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105.
4517 CVE-2017-1383 611 2017-08-02 2017-08-04
6.4
None Remote Low Not required Partial None Partial
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.
4518 CVE-2017-1373 284 2017-07-21 2017-07-25
6.5
None Remote Low Single system Partial Partial Partial
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866.
4519 CVE-2017-1371 284 2017-07-21 2017-07-25
6.5
None Remote Low Single system Partial Partial Partial
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864.
4520 CVE-2017-1356 89 Sql 2017-12-07 2017-12-19
6.5
None Remote Low Single system Partial Partial Partial
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683.
4521 CVE-2017-1352 77 Exec Code 2017-09-12 2017-09-21
6.0
None Remote Medium Single system Partial Partial Partial
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
4522 CVE-2017-1347 89 Sql 2017-06-23 2017-06-26
6.5
None Remote Low Single system Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.
4523 CVE-2017-1322 611 2017-06-27 2017-07-05
6.4
None Remote Low Not required Partial None Partial
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918.
4524 CVE-2017-1311 89 Sql 2017-10-02 2017-10-11
6.5
None Remote Low Single system Partial Partial Partial
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.
4525 CVE-2017-1300 352 CSRF 2017-11-01 2017-11-24
6.8
None Remote Medium Not required Partial Partial Partial
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.
4526 CVE-2017-1289 611 2017-05-22 2018-01-04
6.4
None Remote Low Not required Partial None Partial
IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
4527 CVE-2017-1274 119 Exec Code Overflow 2017-04-25 2017-10-30
6.5
None Remote Low Single system Partial Partial Partial
IBM Domino 8.5.3 and 9.0 is vulnerable to a stack-based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.
4528 CVE-2017-1258 287 2017-07-05 2017-07-14
6.4
None Remote Low Not required Partial Partial None
IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality, allowing anonymous users access to protected areas. IBM X-Force ID: 124685.
4529 CVE-2017-1253 78 Exec Code 2017-07-05 2017-07-17
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.
4530 CVE-2017-1222 287 2017-10-26 2017-10-31
6.4
None Remote Low Not required Partial Partial None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862.
4531 CVE-2017-1218 352 CSRF 2017-07-19 2017-10-26
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858.
4532 CVE-2017-1194 352 CSRF 2017-04-28 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
4533 CVE-2017-1192 611 2017-08-10 2018-02-01
6.4
None Remote Low Not required Partial None Partial
IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663.
4534 CVE-2017-1190 77 Exec Code 2017-08-14 2017-08-20
6.2
None Local High Not required Complete Complete Complete
IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559.
4535 CVE-2017-1174 89 Sql 2017-08-10 2017-08-20
6.5
None Remote Low Single system Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296.
4536 CVE-2017-1156 284 +Info 2017-05-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122592.
4537 CVE-2017-1153 284 2017-03-27 2017-03-30
6.5
None Remote Low Single system Partial Partial Partial
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.
4538 CVE-2017-1151 264 +Priv 2017-03-20 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.
4539 CVE-2017-1137 284 +Info 2017-05-10 2017-07-07
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.
4540 CVE-2017-1122 77 Exec Code 2017-04-20 2017-07-10
6.9
None Local Medium Not required Complete Complete Complete
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174.
4541 CVE-2017-1097 352 CSRF 2017-09-05 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.
4542 CVE-2017-0926 285 2018-03-21 2018-04-13
6.5
None Remote Low Single system Partial Partial Partial
GitLab Community Edition version 10.3 is vulnerable to an improper authorization issue in the OAuth sign-in component resulting in unauthorized user login.
4543 CVE-2017-0921 640 2018-07-03 2018-09-04
6.8
None Remote Medium Not required Partial Partial Partial
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
4544 CVE-2017-0918 22 Exec Code Dir. Trav. 2018-03-21 2018-04-20
6.5
None Remote Low Single system Partial Partial Partial
GitLab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
4545 CVE-2017-0904 254 Bypass 2017-11-13 2017-11-29
6.8
None Remote Medium Not required Partial Partial Partial
The private_address_check Ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.
4546 CVE-2017-0902 284 2017-08-31 2018-07-14
6.8
None Remote Medium Not required Partial Partial Partial
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
4547 CVE-2017-0901 20 2017-08-31 2018-07-14
6.4
None Remote Low Not required None Partial Partial
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
4548 CVE-2017-0898 134 Mem. Corr. 2017-09-15 2018-07-14
6.4
None Remote Low Not required Partial None Partial
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
4549 CVE-2017-0804 264 2017-09-08 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487.
4550 CVE-2017-0803 264 2017-09-08 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477.