|
|
IBM : Security Vulnerabilities
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1583 |
284 |
|
Bypass |
2018-05-22 |
2018-06-28 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331. |
|
2 |
CVE-2018-1565 |
119 |
|
Overflow |
2018-05-25 |
2018-06-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022. |
|
3 |
CVE-2018-1547 |
77 |
|
Exec Code |
2018-06-07 |
2018-07-16 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651. |
|
4 |
CVE-2018-1544 |
119 |
|
Overflow |
2018-05-25 |
2018-06-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648. |
|
5 |
CVE-2018-1515 |
119 |
|
Overflow |
2018-05-25 |
2018-06-22 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624. |
|
6 |
CVE-2018-1514 |
352 |
|
CSRF |
2018-06-07 |
2018-07-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622. |
|
7 |
CVE-2018-1502 |
79 |
|
XSS |
2018-05-01 |
2018-06-06 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141338. |
|
8 |
CVE-2018-1496 |
79 |
|
XSS |
2018-05-31 |
2018-06-29 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141219. |
|
9 |
CVE-2018-1495 |
264 |
|
DoS |
2018-05-29 |
2018-07-09 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148. |
|
10 |
CVE-2018-1488 |
119 |
|
Exec Code Overflow |
2018-05-25 |
2018-06-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973. |
|
11 |
CVE-2018-1483 |
79 |
|
XSS |
2018-04-11 |
2018-05-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918. |
|
12 |
CVE-2018-1479 |
352 |
|
CSRF |
2018-04-27 |
2018-05-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761. |
|
13 |
CVE-2018-1475 |
254 |
|
|
2018-04-27 |
2018-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756. |
|
14 |
CVE-2018-1473 |
79 |
|
XSS |
2018-04-27 |
2018-05-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140691. |
|
15 |
CVE-2018-1468 |
200 |
|
+Info |
2018-05-02 |
2018-06-06 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399. |
|
16 |
CVE-2018-1467 |
200 |
|
+Info |
2018-05-25 |
2018-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398. |
|
17 |
CVE-2018-1466 |
326 |
|
|
2018-05-17 |
2018-06-15 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397. |
|
18 |
CVE-2018-1465 |
200 |
|
+Info |
2018-05-17 |
2018-06-15 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396. |
|
19 |
CVE-2018-1464 |
200 |
|
+Info |
2018-05-17 |
2018-06-15 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395. |
|
20 |
CVE-2018-1463 |
284 |
|
|
2018-05-17 |
2018-06-15 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368. |
|
21 |
CVE-2018-1462 |
284 |
|
DoS |
2018-05-17 |
2018-06-15 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363. |
|
22 |
CVE-2018-1461 |
79 |
|
XSS |
2018-05-17 |
2018-06-15 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362. |
|
23 |
CVE-2018-1459 |
119 |
|
Exec Code Overflow |
2018-05-25 |
2018-06-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210. |
|
24 |
CVE-2018-1454 |
200 |
|
+Info |
2018-06-05 |
2018-07-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089. |
|
25 |
CVE-2018-1452 |
264 |
|
|
2018-05-25 |
2018-06-22 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047. |
|
26 |
CVE-2018-1451 |
264 |
|
|
2018-05-25 |
2018-06-25 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046. |
|
27 |
CVE-2018-1450 |
264 |
|
|
2018-05-25 |
2018-06-22 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045. |
|
28 |
CVE-2018-1449 |
264 |
|
|
2018-05-25 |
2018-06-22 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044. |
|
29 |
CVE-2018-1448 |
264 |
|
|
2018-03-22 |
2018-04-17 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043. |
|
30 |
CVE-2018-1445 |
79 |
|
XSS |
2018-04-17 |
2018-05-22 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907. |
|
31 |
CVE-2018-1444 |
79 |
|
XSS |
2018-03-13 |
2018-04-05 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906. |
|
32 |
CVE-2018-1443 |
287 |
|
|
2018-03-08 |
2018-03-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754. |
|
33 |
CVE-2018-1442 |
352 |
|
CSRF |
2018-03-08 |
2018-03-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598. |
|
34 |
CVE-2018-1441 |
79 |
|
XSS |
2018-03-13 |
2018-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597. |
|
35 |
CVE-2018-1438 |
200 |
|
+Info |
2018-05-17 |
2018-06-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566. |
|
36 |
CVE-2018-1437 |
426 |
|
Exec Code |
2018-03-13 |
2018-04-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 139565. |
|
37 |
CVE-2018-1435 |
426 |
|
Exec Code |
2018-03-13 |
2018-04-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563. |
|
38 |
CVE-2018-1434 |
352 |
|
CSRF |
2018-05-17 |
2018-06-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474. |
|
39 |
CVE-2018-1433 |
200 |
|
+Info |
2018-05-17 |
2018-06-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473. |
|
40 |
CVE-2018-1432 |
20 |
|
XSS CSRF |
2018-06-05 |
2018-07-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360. |
|
41 |
CVE-2018-1429 |
79 |
|
XSS |
2018-03-23 |
2018-04-18 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077. |
|
42 |
CVE-2018-1428 |
327 |
|
|
2018-03-22 |
2018-06-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073. |
|
43 |
CVE-2018-1427 |
119 |
|
DoS Overflow |
2018-03-22 |
2018-06-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072. |
|
44 |
CVE-2018-1426 |
320 |
|
|
2018-03-22 |
2018-06-08 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071. |
|
45 |
CVE-2018-1425 |
326 |
|
|
2018-02-27 |
2018-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003. |
|
46 |
CVE-2018-1421 |
611 |
|
|
2018-04-04 |
2018-05-02 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023. |
|
47 |
CVE-2018-1418 |
287 |
|
Exec Code Bypass |
2018-04-26 |
2018-05-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824. |
|
48 |
CVE-2018-1417 |
264 |
|
|
2018-02-22 |
2018-05-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823. |
|
49 |
CVE-2018-1416 |
79 |
|
XSS |
2018-02-27 |
2018-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822. |
|
50 |
CVE-2018-1415 |
79 |
|
XSS |
2018-02-22 |
2018-03-09 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821. |
|
|
