Tag

#ibm

CVE-2019-4382: IBM API Connect information disclosure CVE-2019-4382 Vulnerability Report

IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162.

CVE-2019-4156: IBM Security Access Manager information disclosure CVE-2019-4156 Vulnerability Report

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.

CVE-2019-4158: IBM Security Access Manager improper authentication CVE-2019-4158 Vulnerability Report

IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct, which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.

CVE-2019-4152: IBM Security Access Manager session fixation CVE-2019-4152 Vulnerability Report

IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to log in to a closed browser session. IBM X-Force ID: 158515.

CVE-2019-4385: Security Bulletin: Password exposure via job log in IBM Spectrum Protect Plus (CVE-2019-4385)

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.

CVE-2019-4384: IBM Campaign directory traversal CVE-2019-4384 Vulnerability Report

IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172.

CVE-2017-1107: IBM Marketing Platform information disclosure CVE-2017-1107 Vulnerability Report

IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906.

CVE-2019-4364: IBM Maximo Asset Management code execution CVE-2019-4364 Vulnerability Report

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680.

CVE-2019-4136: Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158332.

CVE-2019-4173: IBM Cognos Controller information disclosure CVE-2019-4173 Vulnerability Report

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878.