Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

CVE-2019-4424: IBM Business Automation Workflow XML external entity injection CVE-2019-4424 Vulnerability Report

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770.

CVE
Open in Source
#vulnerability#ibm
CVE-2019-4340: IBM Security Guardium Big Data Intelligence XML external entity injection CVE-2019-4340 Vulnerability Report

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419.

CVE-2019-4338: Security Bulletin: IBM Security Guardium Big Data Intelligence is affected by a Denial of service vulnerability

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417.

CVE-2019-4482: IBM Emptoris Spend Analysis cross-site scripting CVE-2019-4482 Vulnerability Report

IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164066.

CVE-2019-4437: Security Bulletin: API Connect V2018 is impacted by a information disclosure vulnerability (CVE-2019-4437)

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947.

CVE-2019-4294: Security Bulletin: IBM MQ Appliance is affected by a command injection vulnerability (CVE-2019-4294)

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188.

CVE-2019-4485: Security Bulletin: Error Message Vulnerabilities Affect IBM Emptoris Sourcing, IBM Emptoris Contract Management and IBM Emptoris Spend Analysis.

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.

CVE-2019-4483: Security Bulletin: SQL Injection Affects IBM Emptoris Spend Analysis and IBM Emptoris Contract Management (CVE-2019-4481, CVE-2019-4483)

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.

CVE-2019-4420: Security Bulletin: IBM® Intelligent Operations Center might disclose sensitive information in error messages (CVE-2019-4420)

IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.

CVE-2019-4310: Security Bulletin: IBM Security Guardium Big Data Intelligence is affected by a Improper Restriction of Excessive Authentication Attempts vulnerability

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036.