| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-18202 |
1 Ibm |
2 Qlogic 20-port 4%2f8 Gb San Switch Module Firmware, Qlogic 4 Gb Fibre Channel Expansion Card Firmware |
2018-12-12 |
5.0 |
| The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with... |
| CVE-2018-1518 |
1 Ibm |
2 Infosphere Information Server, Infosphere Information Server On Cloud |
2018-12-12 |
2.1 |
| IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682. |
| CVE-2018-1380 |
1 Ibm |
1 Infosphere Master Data Management |
2018-12-12 |
4.0 |
| IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive information. IBM X-Force ID: 138077. |
| CVE-2018-1835 |
1 Ibm |
1 Daeja Viewone |
2018-12-12 |
5.5 |
| IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory... |
| CVE-2017-1119 |
1 Ibm |
1 Marketing Operations |
2018-12-12 |
4.0 |
| IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker... |
| CVE-2018-1774 |
1 Ibm |
1 Api Connect |
2018-12-12 |
6.8 |
| IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692. |
| CVE-2018-1842 |
1 Ibm |
1 Cognos Analytics |
2018-12-12 |
3.3 |
| IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902. |
| CVE-2018-1780 |
1 Ibm |
1 Db2 |
2018-12-12 |
7.2 |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did... |
| CVE-2018-1857 |
1 Ibm |
1 Db2 |
2018-12-12 |
4.0 |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155. |
| CVE-2018-1884 |
1 Ibm |
1 Case Manager |
2018-12-12 |
6.8 |
| IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970. |
| CVE-2018-1792 |
1 Ibm |
1 Websphere Mq |
2018-12-12 |
7.2 |
| IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947. |
| CVE-2018-1808 |
1 Ibm |
1 Websphere Commerce |
2018-12-12 |
6.5 |
| IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828. |
| CVE-2018-1781 |
1 Ibm |
1 Db2 |
2018-12-12 |
7.2 |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have... |
| CVE-2018-1799 |
1 Ibm |
1 Db2 |
2018-12-12 |
3.6 |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429. |
| CVE-2018-1802 |
1 Ibm |
1 Db2 |
2018-12-12 |
4.6 |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious... |
| CVE-2018-1834 |
1 Ibm |
1 Db2 |
2018-12-12 |
7.2 |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511. |
| CVE-2018-1684 |
1 Ibm |
1 Websphere Mq |
2018-12-12 |
4.0 |
| IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456. |
| CVE-2016-9749 |
1 Ibm |
1 Campaign |
2018-12-11 |
2.1 |
| IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206. |
| CVE-2018-1694 |
1 Ibm |
7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more |
2018-12-11 |
4.3 |
| IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02... |
| CVE-2018-1606 |
1 Ibm |
7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more |
2018-12-11 |
4.0 |
| IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through... |
