This issue could allow remote attackers to obtain credentials, sensitive information, or perform other inappropriate actions. IBM X-Force ID: 227367.

CVE-2018-5780 In certain environments, it was possible for users to navigate to a URL in a team chat and open a command window to access hardware via a command in an arbitrary PowerShell script. IBM X-Force ID: 227369.

CVE-2018-5781 In certain environments, it was possible for administrators to navigate to a URL in a team chat and open a command window to access hardware via a command in an arbitrary PowerShell script. IBM X-Force ID: 227370.

CVE-2018-5782 In certain environments, it was possible for administrators to navigate to a URL in a team chat and open a command window to access hardware via a command in an arbitrary PowerShell script. IBM X-Force ID: 227371.

CVE-2018-5783 In certain environments, it was possible for administrators to navigate to a URL in a team chat and open a command window to access hardware via a command in an arbitrary PowerShell script. IBM X-Force ID: 227372.

CVE-2018-5784 In certain environments, it was possible for administrators to navigate to a URL in a team chat and open a command window to access hardware via a command in an arbitrary PowerShell script. IBM X-Force ID: 227373.

CVE-2018-5785 In certain environments,

Networking and Remote Access

IBM Business Process Manager (BPM)

Remote Code Execution Vulnerability
A vulnerability has been identified that could allow remote code execution in IBM Business Process Manager (BPM).
If exploited, this vulnerability could allow an attacker to execute arbitrary code on the BPM server.
The vulnerability is exploitable by unauthenticated attackers who have access to the affected system via a Remote Desktop Protocol session.
IBM X-Force ID: 227388.

IBM Notes and Domino CVEs

On October 18, IBM issued a security alert for its products. These products included IBM Notes and Domino. This alert warned about a vulnerability in the way the applications handle attachments where an attacker could potentially exploit it to gain remote access to an affected system.

In certain environments, this vulnerability could allow remote attackers to obtain credentials, sensitive information, or perform other inappropriate actions. IBM X-Force ID: 226982.

CVE-2018-7175 In certain environments, it was possible for users to navigate to a URL in a team chat and open a command window to access hardware via a command in an arbitrary PowerShell script. IBM X-Force ID: 227377.

^

Timeline

Published on: 10/07/2022 17:15:00 UTC
Last modified on: 10/08/2022 13:20:00 UTC

References