National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ibm:integration_bus:10.0
There are 9 matching records.
Vuln ID Summary CVSS Severity
CVE-2017-1693

IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.

Published: January 19, 2018; 09:29:00 AM -05:00
V3: 5.6 MEDIUM
V2: 6.8 MEDIUM
CVE-2017-1144

IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.

Published: July 05, 2017; 02:29:00 PM -04:00
V3: 2.5 LOW
V2: 1.9 LOW
CVE-2016-9706

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.

Published: February 15, 2017; 02:59:01 PM -05:00
V3: 9.1 CRITICAL
V2: 8.5 HIGH
CVE-2016-9010

IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906.

Published: February 15, 2017; 02:59:01 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-8918

IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.

Published: February 01, 2017; 03:59:02 PM -05:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-0394

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.

Published: February 01, 2017; 03:59:00 PM -05:00
V3: 3.3 LOW
V2: 2.1 LOW
CVE-2016-2961

The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.

Published: July 02, 2016; 10:59:17 AM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2015-7399

IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors.

Published: January 11, 2016; 06:59:02 AM -05:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2015-2018

IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Published: August 23, 2015; 11:59:00 AM -04:00
V2: 3.5 LOW