Check CVE Id
Check CWE Id
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.
(Untrusted Search Path)
Client application access
CVSS Base Score
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.
IBM DataPower Gateway 2018.4.1.0, 126.96.36.199 through 188.8.131.52, 184.108.40.206 through 220.127.116.11, 18.104.22.168 through 22.214.171.124, 126.96.36.199 through 188.8.131.52, and 184.108.40.206 through 220.127.116.11 could allow an authenticated user to inject arbitrary messages that would be display...
IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IB...
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-For...
IBM App Connect V18.104.22.168 through V22.214.171.124, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V126.96.36.199 through V188.8.131.52, and WebSphere Message Broker V184.108.40.206 through V220.127.116.11 is vulnerable to a XML External Entity Injection (XX...
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110.
IBM API Connect 18.104.22.168 through 22.214.171.124 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.
Back to Top