CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-4513 611 2019-08-26 2019-10-09
6.4
None Remote Low Not required Partial None Partial
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555.
2 CVE-2019-4433 611 2019-08-20 2019-10-09
6.4
None Remote Low Not required Partial None Partial
IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162890.
3 CVE-2019-4424 611 2019-08-20 2019-10-09
6.4
None Remote Low Not required Partial None Partial
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770.
4 CVE-2019-4422 287 2019-10-03 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768.
5 CVE-2019-4419 611 2019-08-20 2019-10-09
6.4
None Remote Low Not required Partial None Partial
IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737.
6 CVE-2019-4340 611 2019-08-20 2019-10-09
6.4
None Remote Low Not required Partial None Partial
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419.
7 CVE-2019-4304 384 Bypass 2019-09-30 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.
8 CVE-2019-4292 434 Exec Code 2019-07-02 2019-07-03
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698.
9 CVE-2019-4224 89 Sql 2019-06-26 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.
10 CVE-2019-4212 352 CSRF 2019-07-25 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132.
11 CVE-2019-4178 22 Dir. Trav. 2019-04-15 2019-05-09
6.4
None Remote Low Not required Partial Partial None
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919.
12 CVE-2019-4169 255 2019-08-26 2019-10-09
6.4
None Remote Low Not required Partial Partial None
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.
13 CVE-2019-4147 89 Sql 2019-09-16 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
14 CVE-2019-4142 352 CSRF 2019-06-18 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338.
15 CVE-2019-4135 264 2019-06-25 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.
16 CVE-2019-4117 352 CSRF 2019-08-20 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.
17 CVE-2019-4080 400 DoS 2019-04-02 2019-10-09
6.8
None Remote Low Single system None None Complete
IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.
18 CVE-2019-4072 613 2019-05-09 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064.
19 CVE-2019-4069 434 2019-06-07 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014.
20 CVE-2019-4066 20 Exec Code 2019-06-07 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011.
21 CVE-2019-4035 20 2019-03-22 2019-10-09
6.4
None Remote Low Not required Partial Partial None
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001.
22 CVE-2019-4034 20 Exec Code 2019-03-14 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file in ICN with Edit service, it will be executed on the user's workstation. IBM X-Force ID: 156000.
23 CVE-2018-2001 352 CSRF 2019-05-07 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891.
24 CVE-2018-2000 352 CSRF 2019-04-08 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890.
25 CVE-2018-1974 2019-03-11 2019-10-09
6.0
None Remote Medium Single system Partial Partial Partial
IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.
26 CVE-2018-1969 434 2019-01-14 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.
27 CVE-2018-1927 352 CSRF 2018-11-30 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118.
28 CVE-2018-1926 352 CSRF 2018-12-12 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992.
29 CVE-2018-1901 +Priv 2018-12-12 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. IBM X-Force ID: 152530.
30 CVE-2018-1888 426 Exec Code 2019-01-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. IBM X-Force ID: 152079.
31 CVE-2018-1884 22 Exec Code Dir. Trav. 2018-11-12 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.
32 CVE-2018-1859 2019-01-04 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258.
33 CVE-2018-1858 352 CSRF 2019-06-25 2019-06-27
6.8
None Remote Medium Not required Partial Partial Partial
IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256.
34 CVE-2018-1840 668 +Priv 2018-12-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813.
35 CVE-2018-1819 89 Sql 2018-10-04 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 150023.
36 CVE-2018-1808 20 2018-11-13 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828.
37 CVE-2018-1790 352 CSRF 2019-05-10 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944.
38 CVE-2018-1789 918 2018-09-07 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.
39 CVE-2018-1774 94 Exec Code 2018-11-08 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.
40 CVE-2018-1741 20 DoS 2018-10-08 2019-10-09
6.4
None Remote Low Not required None Partial Partial
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to cause a denial of service, compromise program logic or other consequences. IBM X-Force ID: 148420.
41 CVE-2018-1727 611 2019-02-15 2019-10-09
6.4
None Remote Low Not required Partial None Partial
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630.
42 CVE-2018-1701 Exec Code 2019-02-15 2019-10-09
6.0
None Remote Medium Single system Partial Partial Partial
IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970.
43 CVE-2018-1699 89 Sql 2018-08-24 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.
44 CVE-2018-1695 2018-09-06 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769.
45 CVE-2018-1674 89 Sql 2018-09-20 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.
46 CVE-2018-1672 287 2018-10-01 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.
47 CVE-2018-1661 352 CSRF 2018-12-20 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887.
48 CVE-2018-1638 287 2018-07-31 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.
49 CVE-2018-1622 352 CSRF 2019-04-02 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348.
50 CVE-2018-1595 Exec Code 2018-08-01 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622.
Total number of vulnerabilities : 519   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.