Tivoli Workload Scheduler
by IBM
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1386 | Hig | 0.51 | 7.8 | 0.00 | Mar 14, 2018 | IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208. | ||
| CVE-2017-1716 | Low | 0.21 | 3.3 | 0.00 | Dec 13, 2017 | IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638. | ||
| CVE-2024-49351 | 0.00 | — | 0.00 | Nov 26, 2024 | IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user. | |||
| CVE-2022-38389 | 0.00 | — | 0.01 | Feb 2, 2023 | IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975. | |||
| CVE-2022-22486 | 0.00 | — | 0.01 | Feb 2, 2023 | IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328. | |||
| CVE-2022-22369 | 0.00 | — | 0.00 | Aug 10, 2022 | IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. IBM X-Force ID: 221187. | |||
| CVE-2021-20349 | 0.00 | — | 0.00 | Aug 9, 2021 | IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 194599. | |||
| CVE-2020-4380 | 0.00 | — | 0.01 | Jun 11, 2020 | IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:… | |||
| CVE-2019-4608 | 0.00 | — | 0.01 | Mar 10, 2020 | IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force… |
- risk 0.51cvss 7.8epss 0.00
IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208.
- risk 0.21cvss 3.3epss 0.00
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.
- CVE-2024-49351Nov 26, 2024risk 0.00cvss —epss 0.00
IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user.
- CVE-2022-38389Feb 2, 2023risk 0.00cvss —epss 0.01
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975.
- CVE-2022-22486Feb 2, 2023risk 0.00cvss —epss 0.01
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328.
- CVE-2022-22369Aug 10, 2022risk 0.00cvss —epss 0.00
IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. IBM X-Force ID: 221187.
- CVE-2021-20349Aug 9, 2021risk 0.00cvss —epss 0.00
IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 194599.
- CVE-2020-4380Jun 11, 2020risk 0.00cvss —epss 0.01
IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
- CVE-2019-4608Mar 10, 2020risk 0.00cvss —epss 0.01
IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…