| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-4382 |
1 Ibm |
1 Api Connect |
2019-06-25 |
5.0 |
| IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162. |
| CVE-2019-4377 |
1 Ibm |
1 Sterling B2b Integrator |
2019-06-25 |
4.0 |
| IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803. |
| CVE-2018-2013 |
1 Ibm |
1 Api Connect |
2019-06-25 |
5.0 |
| IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193. |
| CVE-2018-1858 |
1 Ibm |
1 Api Connect |
2019-06-25 |
6.8 |
| IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256. |
| CVE-2017-1107 |
1 Ibm |
1 Marketing Platform |
2019-06-21 |
4.0 |
| IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906. |
| CVE-2018-2008 |
1 Ibm |
1 Tririga Application Platform |
2019-06-21 |
4.0 |
| IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146. |
| CVE-2018-1845 |
1 Ibm |
5 Infosphere Governance Catalog, Infosphere Information Server, Infosphere Information Server Business Glossary and 2 more |
2019-06-20 |
5.5 |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory... |
| CVE-2019-4384 |
1 Ibm |
1 Campaign |
2019-06-20 |
4.0 |
| IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172. |
| CVE-2019-4103 |
1 Ibm |
1 Tivoli Netcool%2fimpact |
2019-06-20 |
7.7 |
| IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command by low privileged User. Remote code execution allow to execute arbitrary code on system which lead to take control over the system. IBM X-Force ID: 158094. |
| CVE-2019-4303 |
1 Ibm |
10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more |
2019-06-19 |
3.5 |
| IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within... |
| CVE-2019-4364 |
1 Ibm |
10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more |
2019-06-19 |
8.5 |
| IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680. |
| CVE-2019-4173 |
1 Ibm |
1 Cognos Controller |
2019-06-18 |
4.0 |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker... |
| CVE-2019-4174 |
1 Ibm |
1 Cognos Controller |
2019-06-18 |
2.1 |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879. |
| CVE-2019-4136 |
1 Ibm |
1 Cognos Controller |
2019-06-18 |
3.5 |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2019-4142 |
1 Ibm |
1 Cloud Private |
2019-06-18 |
6.8 |
| IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338. |
| CVE-2019-4381 |
1 Ibm |
1 I |
2019-06-18 |
2.1 |
| IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC... |
| CVE-2019-4176 |
1 Ibm |
1 Cognos Controller |
2019-06-18 |
5.0 |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to... |
| CVE-2019-4177 |
1 Ibm |
1 Cognos Controller |
2019-06-18 |
2.1 |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882. |
| CVE-2019-4239 |
1 Ibm |
1 Cloud Private |
2019-06-17 |
2.1 |
| IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465. |
| CVE-2019-4403 |
1 Ibm |
1 Connections |
2019-06-17 |
3.5 |
| IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted... |
