Total
7429 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1644 | 1 Ibm | 1 Websphere Commerce | 2024-11-21 | 4.0 MEDIUM | 3.1 LOW |
| IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user. | |||||
| CVE-2018-1639 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579. | |||||
| CVE-2018-1625 | 1 Ibm | 1 Security Privileged Identity Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410. | |||||
| CVE-2018-1623 | 1 Ibm | 1 Security Privileged Identity Manager | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408. | |||||
| CVE-2018-1614 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270. | |||||
| CVE-2018-1612 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164. | |||||
| CVE-2018-1606 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796. | |||||
| CVE-2018-1587 | 1 Ibm | 2 Rational Rhapsody Design Manager, Rational Software Architect Design Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500. | |||||
| CVE-2018-1568 | 1 Ibm | 1 Qradar Incident Forensics | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118. | |||||
| CVE-2018-1564 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968. | |||||
| CVE-2018-1553 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890. | |||||
| CVE-2018-1548 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 142657. | |||||
| CVE-2018-1546 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650. | |||||
| CVE-2018-1532 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430. | |||||
| CVE-2018-1528 | 1 Ibm | 8 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 5 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290. | |||||
| CVE-2018-1505 | 1 Ibm | 1 I2 Enterprise Insight Analysis | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413. | |||||
| CVE-2018-1481 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 140763. | |||||
| CVE-2018-1476 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 140757. | |||||
| CVE-2018-1470 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. IBM X-Force ID: 140688. | |||||
| CVE-2018-1468 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399. | |||||