Filtered by vendor Ibm Subscriptions
Total 7718 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-9085 2 Ibm, Lenovo 56 Bladecenter, Bladecenter Hs23 Firmware, Bladecenter Hs23e Firmware and 53 more 2024-11-21 N/A
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
CVE-2018-9068 2 Ibm, Lenovo 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more 2024-11-21 N/A
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.
CVE-2018-8049 3 Ibm, Linux, Unisys 3 Aix, Linux Kernel, Stealth Svg 2024-11-21 N/A
The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets.
CVE-2018-2028 1 Ibm 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more 2024-11-21 6.5 Medium
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
CVE-2018-2026 1 Ibm 1 Financial Transaction Manager 2024-11-21 N/A
IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. IBM X-Force ID: 155552.
CVE-2018-2025 1 Ibm 2 Spectrum Protect, Spectrum Protect For Virtual Environments 2024-11-21 4.4 Medium
IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551.
CVE-2018-2024 1 Ibm 1 Qradar Security Information And Event Manager 2024-11-21 8.1 High
IBM QRadar SIEM 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 155350.
CVE-2018-2022 1 Ibm 1 Qradar Security Information And Event Manager 2024-11-21 5.3 Medium
IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 155346.
CVE-2018-2021 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2024-11-21 6.1 Medium
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155345.
CVE-2018-2019 1 Ibm 1 Security Identity Manager 2024-11-21 N/A
IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265.
CVE-2018-2015 1 Ibm 1 Api Connect 2024-11-21 N/A
IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 155195.
CVE-2018-2013 1 Ibm 1 Api Connect 2024-11-21 5.3 Medium
IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193.
CVE-2018-2011 1 Ibm 1 Api Connect 2024-11-21 5.3 Medium
IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150.
CVE-2018-2009 1 Ibm 1 Api Connect 2024-11-21 N/A
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.
CVE-2018-2008 1 Ibm 1 Tririga Application Platform 2024-11-21 N/A
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146.
CVE-2018-2007 1 Ibm 1 Api Connect 2024-11-21 N/A
IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078.
CVE-2018-2006 1 Ibm 1 Robotic Process Automation With Automation Anywhere 2024-11-21 N/A
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID: 155008.
CVE-2018-2005 1 Ibm 1 Bigfix Platform 2024-11-21 N/A
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007
CVE-2018-2004 1 Ibm 1 Jazz Reporting Service 2024-11-21 N/A
IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155006.
CVE-2018-2001 1 Ibm 1 Curam Social Program Management 2024-11-21 N/A
IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891.