National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 4 hours 33 min ago

CVE-2018-1622 (security_privileged_identity_manager)

Tue, 04/02/2019 - 10:29
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348.
Categories: Security News

CVE-2018-1623 (security_privileged_identity_manager)

Tue, 04/02/2019 - 10:29
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408.
Categories: Security News

CVE-2018-1625 (security_privileged_identity_manager)

Tue, 04/02/2019 - 10:29
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410.
Categories: Security News

CVE-2018-1626 (security_privileged_identity_manager)

Tue, 04/02/2019 - 10:29
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411.
Categories: Security News

CVE-2018-1640 (security_privileged_identity_manager)

Tue, 04/02/2019 - 10:29
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580.
Categories: Security News

CVE-2018-1680 (security_privileged_identity_manager)

Tue, 04/02/2019 - 10:29
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236.
Categories: Security News

CVE-2018-1874 (api_connect)

Tue, 04/02/2019 - 10:29
IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.
Categories: Security News

CVE-2018-1906 (infosphere_information_server, infosphere_information_server_on_cloud)

Tue, 04/02/2019 - 10:29
IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.
Categories: Security News

CVE-2018-1917 (infosphere_information_server, infosphere_information_server_on_cloud)

Tue, 04/02/2019 - 10:29
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.
Categories: Security News

Pages