Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1504 1 Ibm 1 I2 Enterprise Insight Analysis 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 141340.
CVE-2018-1246 1 Dell 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.
CVE-2018-1704 1 Ibm 2 Platform Symphony, Spectrum Symphony 2019-10-09 4.9 MEDIUM 5.4 MEDIUM
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 146339.
CVE-2018-1724 1 Ibm 1 Spectrum Lsf 2019-10-09 4.6 MEDIUM 5.3 MEDIUM
IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings. IBM X-Force ID: 147439.
CVE-2018-1255 1 Emc 1 Rsa Identity Governance And Lifecycle 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
CVE-2018-1585 1 Ibm 2 Rational Rhapsody Design Manager, Rational Software Architect Design Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143498.
CVE-2018-1140 1 Samba 1 Samba 2019-10-09 3.3 LOW 6.5 MEDIUM
A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable
CVE-2018-1587 1 Ibm 2 Rational Rhapsody Design Manager, Rational Software Architect Design Manager 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500.
CVE-2018-1656 3 Ibm, Oracle, Redhat 6 Sdk, Enterprise Manager Base Platform, Enterprise Linux Desktop and 3 more 2019-10-09 4.3 MEDIUM 6.5 MEDIUM
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
CVE-2018-1660 1 Ibm 1 Websphere Portal 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886.
CVE-2018-1705 1 Ibm 2 Platform Symphony, Spectrum Symphony 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. IBM X-Force ID: 146340.
CVE-2018-1706 1 Ibm 1 Spectrum Symphony 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341.
CVE-2018-1639 1 Ibm 1 Jazz Reporting Service 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579.
CVE-2018-1480 1 Ibm 1 Bigfix Platform 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then hijack the user session. IBM X-Force ID: 140762.
CVE-2018-1643 1 Ibm 1 Websphere Application Server 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144588
CVE-2018-1734 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838.
CVE-2018-1652 1 Ibm 2 Datapower Gateway, Mq Appliance 2019-10-09 2.1 LOW 5.5 MEDIUM
IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724.
CVE-2018-1653 1 Ibm 1 Security Access Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726.
CVE-2018-1654 1 Ibm 1 Curam Social Program Management 2019-10-09 5.8 MEDIUM 6.1 MEDIUM
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 144747.
CVE-2018-1659 1 Ibm 1 Rational Engineering Lifecycle Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144885.
CVE-2018-1250 1 Dell 3 Emc Unity, Emc Unity Firmware, Emc Unityvsa 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing Role-Based Authorization control implemented only in Unisphere GUI.
CVE-2018-1047 1 Redhat 3 Enterprise Linux Server, Jboss Enterprise Application Platform, Jboss Wildfly Application Server 2019-10-09 2.1 LOW 5.5 MEDIUM
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
CVE-2018-1528 1 Ibm 8 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 5 more 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.
CVE-2018-1376 1 Ibm 1 Security Guardium Big Data Intelligence 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137777.
CVE-2018-1390 1 Ibm 1 Financial Transaction Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221.
CVE-2018-1380 1 Ibm 1 Infosphere Master Data Management 2019-10-09 4.0 MEDIUM 4.9 MEDIUM
IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive information. IBM X-Force ID: 138077.
CVE-2018-1404 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138440.
CVE-2018-1428 3 Ibm, Linux, Microsoft 3 Db2, Linux Kernel, Windows 2019-10-09 2.1 LOW 5.5 MEDIUM
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073.
CVE-2018-1403 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138439.
CVE-2018-1420 1 Ibm 1 Websphere Portal 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.
CVE-2018-1393 1 Ibm 1 Financial Transaction Manager 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378.
CVE-2018-1405 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138441.
CVE-2018-1394 1 Ibm 6 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 3 more 2019-10-09 3.5 LOW 5.4 MEDIUM
Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425.
CVE-2018-1395 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138427.
CVE-2018-1396 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138429.
CVE-2018-1398 1 Ibm 1 Sterling File Gateway 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434.
CVE-2018-1736 1 Ibm 1 Websphere Portal 2019-10-09 5.8 MEDIUM 6.1 MEDIUM
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.
CVE-2018-1728 1 Ibm 1 Qradar Incident Forensics 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707.
CVE-2018-1114 1 Redhat 3 Undertow, Virtualization, Virtualization Host 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
CVE-2018-1419 1 Ibm 1 Websphere Mq 2019-10-09 3.5 LOW 5.3 MEDIUM
IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.
CVE-2018-1478 1 Ibm 1 Bigfix Platform 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 140760.
CVE-2018-1503 1 Ibm 1 Websphere Mq 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.
CVE-2018-1439 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139589.
CVE-2018-1534 1 Ibm 1 Rational Publishing Engine 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142432.
CVE-2018-1440 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139595.
CVE-2018-1532 1 Ibm 1 Api Connect 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430.
CVE-2018-1423 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.
CVE-2018-1441 1 Ibm 1 Monitoring 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597.
CVE-2018-1507 1 Ibm 1 Rational Doors Next Generation 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141415.
CVE-2018-1443 1 Ibm 2 Security Access Manager, Tivoli Federated Identity Manager 2019-10-09 4.6 MEDIUM 5.9 MEDIUM
An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.