CVEdetails.com the ultimate security vulnerability data source

IBM : Security Vulnerabilities (CVSS score between 4 and 4.99)

Each entry below is given as: # | CVE ID | CWE ID | Vulnerability type(s), where listed | Publish date, update date | CVSS score | Gained access level | Access (vector) | Access complexity | Authentication | Conf./Integ./Avail. impact, followed by the vulnerability description. No exploit counts are listed for any entry on this page.
1. CVE-2017-3752 | CWE-20 | Published 2017-08-09, updated 2017-08-30 | CVSS 4.3 | Gained access: None | Access: Local Network | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/Partial
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.
2. CVE-2017-3744 | CWE-77 | Published 2017-06-19, updated 2017-07-05 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/None/None
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
3. CVE-2017-1591 | CWE-79 | Type: XSS | Published 2017-09-27, updated 2017-10-06 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368.
4. CVE-2017-1556 | CWE-20 | Published 2017-09-13, updated 2017-09-22 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: None/None/Partial
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546.
5. CVE-2017-1555 | CWE-20 | Published 2017-09-25, updated 2017-10-03 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: None/Partial/None
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.
6. CVE-2017-1552 | CWE-79 | Type: XSS | Published 2017-11-01, updated 2017-11-16 | CVSS 4.9 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf./Integ./Avail.: Partial/Partial/None
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396.
7. CVE-2017-1538 | CWE-200 | Type: +Info | Published 2017-10-10, updated 2017-10-23 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/None/None
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.
8. CVE-2017-1521 | CWE-79 | Type: XSS | Published 2017-10-26, updated 2017-10-31 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129831.
9. CVE-2017-1520 | CWE-287 | Published 2017-09-12, updated 2017-09-15 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.
10. CVE-2017-1519 | CWE-20 | Type: DoS | Published 2017-09-12, updated 2017-09-15 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/None/Partial
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829.
11. CVE-2017-1504 | CWE-254 | Published 2017-08-03, updated 2017-08-05 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/None/None
IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579.
12. CVE-2017-1503 | CWE-79 | Type: XSS, Http R.Spl., +Info | Published 2017-10-10, updated 2017-11-05 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially-crafted URL to cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning and cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578.
13. CVE-2017-1501 | CWE-200 | Type: +Info | Published 2017-08-18, updated 2017-08-24 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/None/None
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576.
14. CVE-2017-1500 | CWE-79 | Type: XSS | Published 2017-08-01, updated 2017-08-04 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by the RESTful Web API of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope": if its value is set to a "realm" not defined in authenticationConfig.xml, the server returns an HTTP 403 Forbidden response and the value is reflected in the body of that response. By setting it to arbitrary JavaScript code it is possible to modify the flow of the authorization function, potentially leading to credential disclosure within a trusted session.
15. CVE-2017-1495 | CWE-119 | Type: Overflow | Published 2017-08-02, updated 2017-08-03 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/None/None
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID: 128693.
16. CVE-2017-1469 | CWE-94 | Type: +Priv | Published 2017-08-14, updated 2017-08-25 | CVSS 4.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468.
17. CVE-2017-1468 | CWE-264 | Type: +Priv | Published 2017-08-02, updated 2017-08-04 | CVSS 4.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128467.
18. CVE-2017-1457 | CWE-79 | Type: XSS | Published 2017-09-05, updated 2017-09-07 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128376.
19. CVE-2017-1449 | CWE-601 | Type: +Info | Published 2017-08-31, updated 2017-09-04 | CVSS 4.9 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf./Integ./Avail.: Partial/Partial/None
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174.
20. CVE-2017-1448 | CWE-601 | Type: +Info | Published 2017-08-09, updated 2017-08-20 | CVSS 4.9 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf./Integ./Avail.: Partial/Partial/None
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173.
21. CVE-2017-1443 | CWE-79 | Type: XSS | Published 2017-08-30, updated 2017-09-02 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128109.
22. CVE-2017-1427 | CWE-79 | Type: XSS | Published 2017-08-29, updated 2017-09-01 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579.
23. CVE-2017-1386 | CWE-264 | Type: Bypass | Published 2017-07-31, updated 2017-08-03 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/None/None
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.
24. CVE-2017-1377 | CWE-200 | Type: +Info | Published 2017-08-10, updated 2017-08-18 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/None/None
IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. IBM X-Force ID: 126874.
25. CVE-2017-1374 | CWE-200 | Type: +Info | Published 2017-07-21, updated 2017-07-25 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/None/None
Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.
26. CVE-2017-1370 | CWE-284 | Published 2017-07-31, updated 2017-08-07 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/None/None
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863.
27. CVE-2017-1357 | CWE-20 | Published 2017-08-09, updated 2017-08-24 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: None/Partial/None
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.
28. CVE-2017-1340 | CWE-200 | Type: +Info | Published 2017-11-01, updated 2017-11-18 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/None/None
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.
29. CVE-2017-1337 | CWE-255 | Published 2017-07-10, updated 2017-07-13 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/None/None
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.
30. CVE-2017-1332 | CWE-79 | Type: XSS | Published 2017-07-31, updated 2017-08-03 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234.
31. CVE-2017-1327 | CWE-79 | Type: XSS | Published 2017-08-03, updated 2017-08-05 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062.
32. CVE-2017-1326 | CWE-284 | Published 2017-06-22, updated 2017-06-30 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: None/Partial/None
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060.
33. CVE-2017-1325 | CWE-79 | Type: XSS | Published 2017-05-26, updated 2017-07-07 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.
34. CVE-2017-1321 | CWE-79 | Type: XSS | Published 2017-07-12, updated 2017-07-17 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916.
35. CVE-2017-1310 | CWE-119 | Type: Overflow | Published 2017-06-29, updated 2017-07-06 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: None/None/Partial
IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569.
36. CVE-2017-1308 | CWE-284 | Published 2017-07-13, updated 2017-07-19 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/None/None
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462.
37. CVE-2017-1304 | CWE-119 | Type: DoS, Overflow, Mem. Corr. | Published 2017-06-21, updated 2017-07-06 | CVSS 4.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users' applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file. This vulnerability may result in the use of an incorrect memory address, leading to a Spectrum Scale/GPFS daemon failure with a Signal 11, and possibly leading to denial of service or undetected data corruption. IBM X-Force ID: 125458.
38. CVE-2017-1303 | CWE-79 | Type: XSS | Published 2017-07-31, updated 2017-08-02 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457.
39. CVE-2017-1297 | CWE-119 | Type: Exec Code, Overflow | Published 2017-06-27, updated 2017-08-11 | CVSS 4.4 | Gained access: None | Access: Local | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.
40. CVE-2017-1295 | CWE-200 | Type: +Info | Published 2017-10-25, updated 2017-11-13 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/None/None
IBM RSA DM contains an unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157.
41. CVE-2017-1287 | CWE-601 | Type: +Info | Published 2017-07-24, updated 2017-07-28 | CVSS 4.9 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf./Integ./Avail.: Partial/Partial/None
IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
42. CVE-2017-1285 | CWE-20 | Published 2017-07-12, updated 2017-07-17 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: None/None/Partial
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.
43. CVE-2017-1256 | CWE-79 | Type: XSS | Published 2017-07-05, updated 2017-07-10 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
IBM Security Guardium 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124678.
44. CVE-2017-1241 | CWE-200 | Type: +Info | Published 2017-10-25, updated 2017-11-13 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/None/None
An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523.
45. CVE-2017-1236 | CWE-20 | Type: DoS | Published 2017-07-06, updated 2017-07-17 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: None/None/Partial
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354.
46. CVE-2017-1235 | CWE-284 | Type: DoS | Published 2017-09-25, updated 2017-09-28 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: None/None/Partial
IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914.
47. CVE-2017-1232 | CWE-200 | Type: +Info | Published 2017-10-26, updated 2017-10-31 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/None/None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 123911.
48. CVE-2017-1229 | CWE-200 | Type: +Info | Published 2017-11-13, updated 2017-11-29 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/None/None
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123908.
49. CVE-2017-1228 | CWE-200 | Type: +Info | Published 2017-10-26, updated 2017-10-31 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/None/None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123907.
50. CVE-2017-1226 | CWE-200 | Type: +Info | Published 2017-10-26, updated 2017-10-31 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/None/None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks against the system. IBM X-Force ID: 123905.
Total number of vulnerabilities: 984 (this listing is page 1 of 20).