| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-1729 |
1 Ibm |
1 Qradar Security Information And Event Manager |
2019-04-22 |
5.0 |
| IBM QRadar SIEM 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147708. |
| CVE-2019-4012 |
1 Ibm |
2 Bigfix Webui Profile Management, Bigfix Webui Software Distribution |
2019-04-17 |
7.5 |
| IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the... |
| CVE-2019-4061 |
1 Ibm |
1 Bigfix Platform |
2019-04-16 |
5.0 |
| IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869. |
| CVE-2018-1723 |
1 Ibm |
1 Spectrum Scale |
2019-04-16 |
2.1 |
| IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373. |
| CVE-2018-1688 |
1 Ibm |
7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more |
2019-04-16 |
3.5 |
| IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2019-4202 |
1 Ibm |
1 Api Connect |
2019-04-16 |
10.0 |
| IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123. |
| CVE-2019-4203 |
1 Ibm |
1 Api Connect |
2019-04-16 |
9.0 |
| IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124. |
| CVE-2018-1842 |
2 Ibm, Netapp |
2 Cognos Analytics, Oncommand Insight |
2019-04-16 |
3.3 |
| IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902. |
| CVE-2018-1825 |
1 Ibm |
2 Rational Quality Manager, Rational Collaborative Lifecycle Management |
2019-04-15 |
3.5 |
| IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials... |
| CVE-2018-1824 |
1 Ibm |
2 Rational Quality Manager, Rational Collaborative Lifecycle Management |
2019-04-15 |
3.5 |
| IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials... |
| CVE-2018-1823 |
1 Ibm |
2 Rational Quality Manager, Rational Collaborative Lifecycle Management |
2019-04-15 |
3.5 |
| IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials... |
| CVE-2018-1829 |
1 Ibm |
2 Rational Quality Manager, Rational Collaborative Lifecycle Management |
2019-04-15 |
3.5 |
| IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials... |
| CVE-2019-4178 |
1 Ibm |
1 Cognos Analytics |
2019-04-15 |
6.4 |
| IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919. |
| CVE-2018-1925 |
1 Ibm |
1 Websphere Mq |
2019-04-15 |
4.3 |
| IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925. |
| CVE-2018-1952 |
1 Ibm |
7 Rational Engineering Lifecycle Manager, Rational Collaborative Lifecycle Management, Rational Doors Next Generation and 4 more |
2019-04-15 |
3.5 |
| IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2018-1929 |
1 Ibm |
1 Rational Engineering Lifecycle Manager |
2019-04-15 |
4.0 |
| IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120. |
| CVE-2018-1916 |
1 Ibm |
7 Rational Engineering Lifecycle Manager, Rational Collaborative Lifecycle Management, Rational Doors Next Generation and 4 more |
2019-04-15 |
3.5 |
| IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2018-1983 |
1 Ibm |
2 Rational Team Concert, Rational Collaborative Lifecycle Management |
2019-04-15 |
3.5 |
| IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials... |
| CVE-2018-1910 |
1 Ibm |
1 Rational Engineering Lifecycle Manager |
2019-04-15 |
3.5 |
| IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2019-4210 |
1 Ibm |
1 Qradar Security Information And Event Manager |
2019-04-15 |
5.5 |
| IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986. |
