Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-3776 1 Nextcloud 1 Nextcloud Server 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.
CVE-2018-3825 1 Elastic 1 Elastic Cloud Enterprise 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.
CVE-2018-3717 1 Sencha 1 Connect 2019-10-09 3.5 LOW 5.4 MEDIUM
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
CVE-2018-2405 1 Sap 1 Solution Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.
CVE-2018-3735 1 Bracket-template Project 1 Bracket-template 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template
CVE-2018-1902 1 Ibm 1 Websphere Application Server 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531.
CVE-2018-1777 1 Ibm 1 Websphere Application Server 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148800.
CVE-2018-1872 1 Ibm 1 Maximo Asset Management 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330.
CVE-2018-1896 1 Ibm 1 Connections 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.
CVE-2018-1977 3 Ibm, Linux, Microsoft 3 Db2, Linux Kernel, Windows 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032.
CVE-2018-1928 1 Ibm 1 Storediq 2019-10-09 2.1 LOW 5.5 MEDIUM
IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119.
CVE-2018-1967 1 Ibm 1 Security Identity Manager 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748.
CVE-2018-1829 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150432.
CVE-2018-1773 1 Ibm 1 Datacap 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691.
CVE-2018-1848 1 Ibm 3 Business Automation Workflow, Business Process Manager, Websphere 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947.
CVE-2018-1874 1 Ibm 1 Api Connect 2019-10-09 2.1 LOW 4.6 MEDIUM
IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.
CVE-2018-1857 3 Ibm, Linux, Microsoft 3 Db2, Linux Kernel, Windows 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155.
CVE-2018-1914 1 Ibm 1 Rational Engineering Lifecycle Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152738.
CVE-2018-1775 1 Ibm 9 Flashsystem V9000, Flashsystem V9100, San Volume Controller and 6 more 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.
CVE-2018-1801 1 Ibm 3 App Connect, Integration Bus, Websphere Message Broker 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.
CVE-2018-1878 1 Ibm 1 Robotic Process Automation With Automation Anywhere 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714.
CVE-2018-1899 1 Ibm 2 Infosphere Information Governance Catalog, Infosphere Information Server On Cloud 2019-10-09 3.3 LOW 4.3 MEDIUM
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528.
CVE-2018-1947 1 Ibm 1 Security Identity Governance And Intelligence 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153427.
CVE-2018-1886 1 Ibm 1 Security Access Manager 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.
CVE-2018-1968 1 Ibm 1 Security Identity Manager Virtual Appliance 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153749.
CVE-2018-1913 1 Ibm 1 Doors Next Generation 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152737.
CVE-2018-1910 1 Ibm 1 Rational Engineering Lifecycle Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152734.
CVE-2018-1798 1 Ibm 1 Websphere Application Server 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149428.
CVE-2018-1797 1 Ibm 1 Websphere Application Server 2019-10-09 4.3 MEDIUM 5.5 MEDIUM
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as "Zip-Slip". IBM X-Force ID: 149427.
CVE-2018-2004 1 Ibm 1 Jazz Reporting Service 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155006.
CVE-2018-1938 1 Ibm 1 Cloud Private 2019-10-09 2.1 LOW 4.4 MEDIUM
IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318.
CVE-2018-1871 1 Ibm 1 Financial Transaction Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151329.
CVE-2018-1908 1 Ibm 1 Robotic Process Automation With Automation Anywhere 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Robotic Process Automation with Automation Anywhere 11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152671.
CVE-2018-1895 1 Ibm 2 Infosphere Information Governance Catalog, Infosphere Information Server On Cloud 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159.
CVE-2018-1791 1 Ibm 1 Connections 2019-10-09 4.9 MEDIUM 4.9 MEDIUM
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946.
CVE-2018-1836 1 Ibm 1 Mq 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661.
CVE-2018-1843 1 Ibm 1 Cloud Private 2019-10-09 1.9 LOW 4.1 MEDIUM
The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903
CVE-2018-1984 1 Ibm 1 Rational Team Concert 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154137.
CVE-2018-1982 1 Ibm 1 Rational Team Concert 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154135.
CVE-2018-1975 1 Ibm 1 Rational Doors Web Access 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9.6.1.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153916.
CVE-2018-1743 1 Ibm 1 Security Key Lifecycle Manager 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 148422.
CVE-2018-1744 1 Ibm 1 Security Key Lifecycle Manager 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423.
CVE-2018-1758 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605.
CVE-2018-1762 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616.
CVE-2018-1766 1 Ibm 1 Rational Team Concert 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148620.
CVE-2018-1795 1 Ibm 1 Robotic Process Automation With Automation Anywhere 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149073.
CVE-2018-1823 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150426.
CVE-2018-1824 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150427.
CVE-2018-1820 1 Ibm 1 Websphere Portal 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.
CVE-2018-1826 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429.