Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2017-1786

    IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.... Read more

    Affected Products : websphere_mq mq
    • Published: Apr. 23, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1785

    IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.... Read more

    Affected Products : api_connect
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-1784

    IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.... Read more

    Affected Products : oncommand_insight cognos_analytics
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-1783

    IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.... Read more

    Affected Products : oncommand_insight cognos_analytics
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-1779

    IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.... Read more

    Affected Products : oncommand_insight cognos_analytics
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-1774

    IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 136818.... Read more

    • Published: Feb. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1773

    IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.... Read more

    Affected Products : datapower_gateway
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1772

    IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... Read more

    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-1769

    IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.... Read more

    Affected Products : business_process_manager
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1768

    IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471.... Read more

    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1767

    IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste... Read more

    Affected Products : business_process_manager
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1766

    Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.... Read more

    Affected Products : business_process_manager
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1765

    IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.... Read more

    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-1764

    IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.... Read more

    Affected Products : cognos_business_intelligence
    • Published: Apr. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1762

    IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ... Read more

    • Published: Mar. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1761

    IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with... Read more

    Affected Products : websphere_portal
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2017-1758

    IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injec... Read more

    • Published: Feb. 21, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-1756

    IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.... Read more

    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2017-1755

    IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID: 135855.... Read more

    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1753

    Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.... Read more

    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293261 Results