Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

CVE-2018-2028: Security Bulletin: IBM Maximo Asset Management is vulnerable to Reverse Tabnabbing (CVE-2018-2028)

IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.

CVE
Open in Source
#vulnerability#auth#ibm#ssl
CVE-2019-4220: Security Bulletin: IBM Watson Knowledge Catalog (with Information Server) is affected by a Cryptographic vulnerability

IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.

CVE-2019-4039: Security Bulletin: IBM MQ is vulnerable to a denial of service attack within the error logging function (CVE-2019-4039)

IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.

CVE-2019-4011

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885.

CVE-2019-4279: Security Bulletin: Remote code execution in WebSphere Application Server ND (CVE-2019-4279)

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.

CVE-2019-4207: Security Bulletin: IBM TRIRIGA Application Platform may disclose sensitive information (CVE-2019-4207)

IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148.

CVE-2019-4208: IBM TRIRIGA Application Platform XML external entity injection CVE-2019-4208 Vulnerability Report

IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129.

CVE-2019-11811: ipmi_si: fix use-after-free of resource->name · torvalds/linux@401e7e8

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

CVE-2019-4258: IBM Sterling B2B Integrator cross-site scripting CVE-2019-4258 Vulnerability Report

IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159946.

CVE-2019-4166: IBM StoredIQ HTTP open redirect CVE-2019-4166 Vulnerability Report

IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699.