Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6706 | 1 Mcafee | 1 Agent | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors. | |||||
| CVE-2018-6756 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware. | |||||
| CVE-2018-8868 | 1 Medtronic | 4 24950 Mycarelink Monitor, 24950 Mycarelink Monitor Firmware, 24952 Mycarelink Monitor and 1 more | 2019-10-09 | 6.9 MEDIUM | 6.4 MEDIUM |
| Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality. | |||||
| CVE-2018-8861 | 1 Philips | 8 Brilliance Ct Big Bore, Brilliance Ct Big Bore Firmware, Brilliance 64 and 5 more | 2019-10-09 | 6.8 MEDIUM | 8.7 HIGH |
| Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system. | |||||
| CVE-2018-8858 | 1 Vecna | 2 Vgo, Vgo Firmware | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials. | |||||
| CVE-2018-7691 | 1 Microfocus | 1 Fortify Software Security Center | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access | |||||
| CVE-2018-7690 | 1 Microfocus | 1 Fortify Software Security Center | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access | |||||
| CVE-2018-7673 | 1 Netiq | 1 Identity Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack. | |||||
| CVE-2018-6757 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | |||||
| CVE-2018-8790 | 1 Checkpoint | 1 Zonealarm | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. | |||||
| CVE-2018-7522 | 1 Schneider-electric | 2 Triconex Tricon Mp 3008, Triconex Tricon Mp 3008 Firmware | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states. | |||||
| CVE-2018-4836 | 1 Siemens | 1 Telecontrol Server Basic | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations. | |||||
| CVE-2018-6589 | 1 Ca | 1 Spectrum | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2018-5437 | 1 Tibco | 5 Spotfire Analyst, Spotfire Analytics Platform For Aws, Spotfire Deployment Kit and 2 more | 2019-10-09 | 4.0 MEDIUM | 8.8 HIGH |
| The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0. | |||||
| CVE-2018-5429 | 1 Tibco | 5 Jasperreports Library, Jasperreports Server, Jaspersoft and 2 more | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2. | |||||
| CVE-2018-5435 | 1 Tibco | 5 Spotfire Analyst, Spotfire Analytics Platform For Aws, Spotfire Deployment Kit and 2 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0. | |||||
| CVE-2018-6505 | 1 Hp | 1 Arcsight Management Center | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads. | |||||
| CVE-2018-4837 | 1 Siemens | 1 Telecontrol Server Basic | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition. | |||||
| CVE-2018-6503 | 1 Hp | 1 Arcsight Management Center | 2019-10-09 | 6.8 MEDIUM | 6.5 MEDIUM |
| A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls. | |||||
| CVE-2018-4854 | 1 Siemens | 4 Siclock Tc100, Siclock Tc100 Firmware, Siclock Tc400 and 1 more | 2019-10-09 | 9.3 HIGH | 8.8 HIGH |
| A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, then he/she could obtain code execution on the client system. | |||||
| CVE-2018-4839 | 1 Siemens | 17 Digsi 4, En100 Ethernet Module Dnp3, En100 Ethernet Module Dnp3 Firmware and 14 more | 2019-10-09 | 3.5 LOW | 5.3 MEDIUM |
| A vulnerability has been identified in Siemens DIGSI 4 (All versions < V4.92), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77), SIPROTEC Compact 7SJ66 (All versions < V4.30), Other SIPROTEC Compact relays (All versions), Other SIPROTEC 4 relays (All versions). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords. | |||||
| CVE-2018-6678 | 1 Mcafee | 1 Mcafee Web Gateway | 2019-10-09 | 6.5 MEDIUM | 9.1 CRITICAL |
| Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2018-4856 | 1 Siemens | 4 Siclock Tc100, Siclock Tc100 Firmware, Siclock Tc400 and 1 more | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users. | |||||
| CVE-2018-5454 | 1 Philips | 1 Intellispace Portal | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime. | |||||
| CVE-2018-4850 | 1 Siemens | 4 Simatic S7-400, Simatic S7-400 Firmware, Simatic S7-400h and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. | |||||
| CVE-2018-5412 | 1 Imperva | 1 Securesphere | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. | |||||
| CVE-2018-5472 | 1 Philips | 1 Intellispace Portal | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code. | |||||
| CVE-2018-6491 | 1 Microfocus | 1 Ucmdb Configuration Manager | 2019-10-09 | 7.2 HIGH | 9.8 CRITICAL |
| Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege. | |||||
| CVE-2018-6668 | 1 Mcafee | 1 Application Change Control | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell. | |||||
| CVE-2018-6671 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request. | |||||
| CVE-2018-4853 | 1 Siemens | 4 Siclock Tc100, Siclock Tc100 Firmware, Siclock Tc400 and 1 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device. | |||||
| CVE-2018-5468 | 1 Philips | 1 Intellispace Portal | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code | |||||
| CVE-2018-5392 | 1 Mingw | 1 Mingw-w64 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result. | |||||
| CVE-2018-3720 | 1 Assign-deep Project | 1 Assign-deep | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
| CVE-2018-3779 | 1 Activesupport Project | 1 Activesupport | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. | |||||
| CVE-2018-3722 | 1 Merge-deep Project | 1 Merge-deep | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
| CVE-2018-3718 | 1 Zeit | 1 Serve | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. | |||||
| CVE-2018-3767 | 1 Memcachier | 1 Memjs | 2019-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| `memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage. | |||||
| CVE-2018-2423 | 1 Sap | 1 Internet Graphics Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2422 | 1 Sap | 1 Internet Graphics Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2421 | 1 Sap | 1 Internet Graphics Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-1859 | 1 Ibm | 1 Api Connect | 2019-10-09 | 6.5 MEDIUM | 4.7 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258. | |||||
| CVE-2018-1883 | 1 Ibm | 1 Mq | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969. | |||||
| CVE-2018-1903 | 1 Ibm | 1 Sterling Connect\ | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532. | |||||
| CVE-2018-1906 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663. | |||||
| CVE-2018-1813 | 1 Ibm | 1 Security Access Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017. | |||||
| CVE-2018-1997 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774. | |||||
| CVE-2018-1850 | 1 Ibm | 1 Security Access Manager | 2019-10-09 | 8.5 HIGH | 7.5 HIGH |
| IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998. | |||||
| CVE-2018-1782 | 1 Ibm | 1 Spectrum Scale | 2019-10-09 | 4.9 MEDIUM | 6.5 MEDIUM |
| IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805. | |||||
| CVE-2018-1899 | 1 Ibm | 2 Infosphere Information Governance Catalog, Infosphere Information Server On Cloud | 2019-10-09 | 3.3 LOW | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528. | |||||