Integration Bus@10.0 Security Vulnerabilities and Issues — Integration Bus@10.0 CVE List

Lucene search

IbmIntegration Bus10.0

12 matches found

CVE•added 2017/07/05 5:29 p.m.•53 views

CVE-2017-1207

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.

5.5CVSS5AI score0.00049EPSS

CVE•added 2017/07/05 6:29 p.m.•50 views

CVE-2017-1144

IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.

2.5CVSS3.5AI score0.00058EPSS

CVE•added 2017/02/15 7:59 p.m.•48 views

CVE-2016-9706

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all av...

9.1CVSS9.2AI score0.00394EPSS

CVE•added 2016/01/11 11:59 a.m.•42 views

CVE-2015-7399

IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors.

5.3CVSS4.9AI score0.00226EPSS

CVE•added 2017/10/04 1:29 a.m.•40 views

CVE-2017-1126

IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.

5.3CVSS4.9AI score0.00186EPSS

CVE•added 2017/12/20 6:29 p.m.•36 views

CVE-2017-1694

IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165.

8.1CVSS7.5AI score0.0013EPSS

CVE•added 2017/02/01 8:59 p.m.•34 views

CVE-2016-0394

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.

3.3CVSS3.9AI score0.00049EPSS

CVE•added 2016/07/02 2:59 p.m.•34 views

CVE-2016-2961

The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.

5.3CVSS5AI score0.00168EPSS

CVE•added 2017/02/15 7:59 p.m.•34 views

CVE-2016-9010

IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agai...

6.1CVSS6.2AI score0.00191EPSS

CVE•added 2015/08/23 3:59 p.m.•32 views

CVE-2015-2018

IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

3.5CVSS5.7AI score0.00146EPSS

CVE•added 2018/01/19 2:29 p.m.•32 views

CVE-2017-1693

IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.

6.8CVSS5.3AI score0.00294EPSS

CVE•added 2017/02/01 8:59 p.m.•28 views

CVE-2016-8918

IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.

5.9CVSS5.6AI score0.00203EPSS