IBM SDK vulnerabilities

6 known vulnerabilities affecting ibm/sdk.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2022-40609 | CRITICAL | CVSS 9.8 | fixed in 7.1.5.19 | ≥ 8.0, < 8.0.8.5 | 2023-08-02
CVE-2022-40609 [HIGH] CWE-502: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.
nvd
CVE-2019-4732 | MEDIUM | CVSS 6.5 | ≥ 7.0.0.0, ≤ 7.0.10.55 | ≥ 7.1.0.0, ≤ 7.1.4.55 | +1 more | 2020-02-03
CVE-2019-4732 [MEDIUM] CWE-426: IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an att
nvd
CVE-2018-1890 | HIGH | CVSS 7.8 | v8.0 | 2019-03-11
CVE-2018-1890 [MEDIUM] CWE-427: IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.
nvd
CVE-2018-1656 | MEDIUM | CVSS 6.5 | v6.0 | v7.0 | +1 more | 2018-08-20
CVE-2018-1656 [HIGH] CWE-22: The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
nvd
CVE-2017-1289 | HIGH | CVSS 8.2 | ≤ 6 | ≤ 6r1 | +3 more | 2017-05-22
CVE-2017-1289 [HIGH] CWE-611: IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
nvd
CVE-2016-3956 | HIGH | CVSS 7.5 | ≤ 1.1.0.20 | ≤ 1.2.0.10 | +1 more | 2016-07-02
CVE-2016-3956 [HIGH] CWE-200: The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
nvd