Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1246 1 Dell 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.
CVE-2018-1255 1 Emc 1 Rsa Identity Governance And Lifecycle 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
CVE-2018-1279 1 Pivotal Software 1 Rabbitmq 2019-10-09 3.3 LOW 6.5 MEDIUM
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.
CVE-2018-1604 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143794.
CVE-2018-1715 1 Ibm 1 Maximo Asset Management 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003.
CVE-2018-1522 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141803.
CVE-2018-1485 1 Ibm 1 Bigfix Platform 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 140970.
CVE-2018-1483 1 Ibm 1 Websphere Portal 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918.
CVE-2018-1523 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141804.
CVE-2018-1507 1 Ibm 1 Rational Doors Next Generation 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141415.
CVE-2018-1504 1 Ibm 1 I2 Enterprise Insight Analysis 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 141340.
CVE-2018-1521 1 Ibm 1 Rational Team Concert 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141802.
CVE-2018-1481 1 Ibm 1 Bigfix Platform 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 140763.
CVE-2018-1503 1 Ibm 1 Websphere Mq 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.
CVE-2018-1494 1 Ibm 1 Rational Doors Next Generation 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141097.
CVE-2018-1729 1 Ibm 1 Qradar Security Information And Event Manager 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM QRadar SIEM 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147708.
CVE-2018-1734 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838.
CVE-2018-1736 1 Ibm 1 Websphere Portal 2019-10-09 5.8 MEDIUM 6.1 MEDIUM
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.
CVE-2018-1528 1 Ibm 8 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 5 more 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.
CVE-2018-1532 1 Ibm 1 Api Connect 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430.
CVE-2018-1697 1 Ibm 1 Maximo Asset Management 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966.
CVE-2018-1535 1 Ibm 2 Rational Rhapsody Design Manager, Rational Software Architect Design Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124557.
CVE-2018-1513 1 Ibm 1 Sterling B2b Integrator 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551.
CVE-2018-1691 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145582.
CVE-2018-1546 1 Ibm 1 Api Connect 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650.
CVE-2018-1347 1 Netiq 1 Imanager 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting.
CVE-2018-1047 1 Redhat 3 Enterprise Linux Server, Jboss Enterprise Application Platform, Jboss Wildfly Application Server 2019-10-09 2.1 LOW 5.5 MEDIUM
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
CVE-2018-1585 1 Ibm 2 Rational Rhapsody Design Manager, Rational Software Architect Design Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143498.
CVE-2018-1708 1 Ibm 2 Platform Symphony, Specturm Symphony 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343.
CVE-2018-1672 1 Ibm 1 Websphere Portal 2019-10-09 6.5 MEDIUM 6.3 MEDIUM
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.
CVE-2018-1663 1 Ibm 1 Datapower Gateway 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889.
CVE-2018-1659 1 Ibm 1 Rational Engineering Lifecycle Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144885.
CVE-2018-1657 1 Ibm 1 Rational Publishing Engine 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144883.
CVE-2018-1654 1 Ibm 1 Curam Social Program Management 2019-10-09 5.8 MEDIUM 6.1 MEDIUM
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 144747.
CVE-2018-1652 1 Ibm 2 Datapower Gateway, Mq Appliance 2019-10-09 2.1 LOW 5.5 MEDIUM
IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724.
CVE-2018-1650 1 Ibm 1 Qradar Incident Forensics 2019-10-09 2.1 LOW 5.5 MEDIUM
IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.
CVE-2018-1106 4 Canonical, Debian, Packagekit Project and 1 more 9 Ubuntu Linux, Debian Linux, Packagekit and 6 more 2019-10-09 2.1 LOW 5.5 MEDIUM
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
CVE-2018-1644 1 Ibm 1 Websphere Commerce 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.
CVE-2018-1643 1 Ibm 1 Websphere Application Server 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144588
CVE-2018-1593 1 Ibm 1 Multi-cloud Data Encryption 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568.
CVE-2018-1639 1 Ibm 1 Jazz Reporting Service 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579.
CVE-2018-1374 1 Ibm 1 Websphere Mq 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.
CVE-2018-1249 1 Dell 1 Idrac9 Firmware 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server.
CVE-2018-1403 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138439.
CVE-2018-1439 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139589.
CVE-2018-1079 2 Clusterlabs, Redhat 2 Pacemaker Command Line Interface, Enterprise Linux 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
CVE-2018-1096 2 Redhat, Theforeman 2 Satellite, Foreman 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.
CVE-2018-1380 1 Ibm 1 Infosphere Master Data Management 2019-10-09 4.0 MEDIUM 4.9 MEDIUM
IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive information. IBM X-Force ID: 138077.
CVE-2018-1114 1 Redhat 3 Undertow, Virtualization, Virtualization Host 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
CVE-2018-1370 1 Ibm 1 Security Guardium Big Data Intelligence 2019-10-09 6.5 MEDIUM 5.4 MEDIUM
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769.