Filtered by vendor Ibm
Subscribe
Total
7378 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1376 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137777. | |||||
| CVE-2018-1375 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776. | |||||
| CVE-2018-1374 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
| An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775. | |||||
| CVE-2018-1373 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773. | |||||
| CVE-2018-1372 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772. | |||||
| CVE-2018-1371 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771. | |||||
| CVE-2018-1370 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 6.5 MEDIUM | 4.2 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769. | |||||
| CVE-2018-1369 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767. | |||||
| CVE-2018-1368 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not suppose to. IBM X-Force ID: 137765. | |||||
| CVE-2018-1366 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452. | |||||
| CVE-2018-1364 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449. | |||||
| CVE-2018-1363 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137448. | |||||
| CVE-2018-1362 | 1 Ibm | 1 Curam Social Program Management | 2024-11-21 | 6.0 MEDIUM | 5.0 MEDIUM |
| IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380. | |||||
| CVE-2018-1361 | 1 Ibm | 1 Websphere Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158. | |||||
| CVE-2018-18202 | 1 Ibm | 4 Qlogic 20-port 4\/8 Gb San Switch Module, Qlogic 20-port 4\/8 Gb San Switch Module Firmware, Qlogic 4 Gb Fibre Channel Expansion Card and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password. | |||||
| CVE-2018-1000181 | 1 Ibm | 1 Kitura | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure. | |||||
| CVE-2017-3774 | 2 Ibm, Lenovo | 43 Bladecenter Hs22, Bladecenter Hs23, Bladecenter Hs23e and 40 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption. | |||||
| CVE-2017-3768 | 2 Ibm, Lenova | 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease. | |||||
| CVE-2017-3765 | 2 Ibm, Lenovo | 30 1g L2-7 Slb Switch For Bladecenter, Bladecenter 1\, Bladecenter Layer 2\/3 Copper Ethernet Switch Module and 27 more | 2024-11-21 | 6.2 MEDIUM | 7.0 HIGH |
| In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted. | |||||
| CVE-2017-1795 | 1 Ibm | 1 Websphere Mq Managed File Transfer | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042. | |||||