Security Vulnerabilities - CVEs Published In July 2018
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2018-07-06
An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.
CVSS Score: 3.7 | EPSS Score: 0.002 | Published: 2018-07-06
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2018-07-06
Multiple IBM Rational products could disclose sensitive information to an attacker who intercepts vulnerable requests. IBM X-Force ID: 131758.
CVSS Score: 3.1 | EPSS Score: 0.002 | Published: 2018-07-06
IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.
CVSS Score: 4.4 | EPSS Score: 0.0 | Published: 2018-07-06
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-07-06
The skyring-setup command creates a random password for the mongodb skyring database but writes it in plain text to the /etc/skyring/skyring.conf file, which is owned by root but readable by local users. Any local user with access to a system running the skyring service can obtain the password in plain text.
CVSS Score: 4.8 | EPSS Score: 0.0 | Published: 2018-07-06
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.
CVSS Score: 7.3 | EPSS Score: 0.002 | Published: 2018-07-06
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-07-06
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2018-07-06

