| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357. |
| IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221. |
| IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219. |
| IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. |
| IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980. |
| The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability. |
| The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation. |
| Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. |
| Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality. |
| AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. |
| The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
| The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality. |
| The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability. |
| Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features. |
| The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability. |
| Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality. |
| The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability. |
| OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website. |
| Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015 |
