News aggregator

CVE-2018-1626 (security_privileged_identity_manager)

National Vulnerability Database - Tue, 04/02/2019 - 10:29
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411.
Categories: Security News

CVE-2018-1640 (security_privileged_identity_manager)

National Vulnerability Database - Tue, 04/02/2019 - 10:29
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580.
Categories: Security News

CVE-2018-1680 (security_privileged_identity_manager)

National Vulnerability Database - Tue, 04/02/2019 - 10:29
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236.
Categories: Security News

CVE-2018-1874 (api_connect)

National Vulnerability Database - Tue, 04/02/2019 - 10:29
IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.
Categories: Security News

CVE-2018-1906 (infosphere_information_server, infosphere_information_server_on_cloud)

National Vulnerability Database - Tue, 04/02/2019 - 10:29
IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.
Categories: Security News

CVE-2018-1917 (infosphere_information_server, infosphere_information_server_on_cloud)

National Vulnerability Database - Tue, 04/02/2019 - 10:29
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.
Categories: Security News

Pages