Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1553 | 1 Ibm | 1 Websphere Application Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890. | |||||
| CVE-2018-1723 | 1 Ibm | 1 Spectrum Scale | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373. | |||||
| CVE-2018-1423 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026. | |||||
| CVE-2018-1393 | 1 Ibm | 1 Financial Transaction Manager | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378. | |||||
| CVE-2018-1623 | 1 Ibm | 1 Security Privileged Identity Manager | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408. | |||||
| CVE-2018-1481 | 1 Ibm | 1 Bigfix Platform | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 140763. | |||||
| CVE-2018-1505 | 1 Ibm | 1 I2 Enterprise Insight Analysis | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413. | |||||
| CVE-2018-1614 | 1 Ibm | 1 Websphere Application Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270. | |||||
| CVE-2018-1369 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767. | |||||
| CVE-2018-1644 | 1 Ibm | 1 Websphere Commerce | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user. | |||||
| CVE-2018-1705 | 1 Ibm | 2 Platform Symphony, Spectrum Symphony | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. IBM X-Force ID: 146340. | |||||
| CVE-2018-1639 | 1 Ibm | 1 Jazz Reporting Service | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579. | |||||
| CVE-2018-1398 | 1 Ibm | 1 Sterling File Gateway | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434. | |||||
| CVE-2018-1655 | 1 Ibm | 1 Aix | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. | |||||
| CVE-2018-1606 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796. | |||||
| CVE-2018-1697 | 1 Ibm | 1 Maximo Asset Management | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966. | |||||
| CVE-2018-1532 | 1 Ibm | 1 Api Connect | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430. | |||||
| CVE-2018-1675 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110. | |||||
| CVE-2018-17917 | 1 Xiongmaitech | 1 Xmeye P2p Cloud Server | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps. | |||||
| CVE-2018-17907 | 1 Omron | 1 Cx-supervisor | 2019-10-09 | 4.3 MEDIUM | 3.3 LOW |
| When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array. | |||||