VYPR

Vendor CVEs

IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2013-0422CriKEVJan 10, 2013
    risk 0.93cvss 9.8epss 0.98

    Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary…

  • CVE-2015-7450CriKEVJan 2, 2016
    risk 0.87cvss 9.8epss 0.98

    Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the…

  • CVE-2014-7169CriKEVSep 25, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by…

  • CVE-2014-6271CriKEVSep 24, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,…

  • CVE-2017-5638CriKEVMar 11, 2017
    risk 0.86cvss 9.8epss 1.00

    The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,…

  • CVE-2017-1092CriMay 22, 2017
    risk 0.73cvss 9.8epss 0.76

    IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.

  • CVE-2018-1722CriAug 24, 2018
    risk 0.66cvss 10.0epss 0.09

    IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.

  • CVE-2017-1253CriJul 5, 2017
    risk 0.65cvss 9.9epss 0.02

    IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.

  • CVE-2016-8938CriFeb 1, 2017
    risk 0.65cvss 10.0epss 0.03

    IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.

  • CVE-2016-6082CriFeb 1, 2017
    risk 0.65cvss 10.0epss 0.05

    IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system.

  • CVE-2015-7411CriMar 12, 2016
    risk 0.65cvss 9.9epss 0.03

    The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.

  • CVE-2015-7425CriFeb 21, 2016
    risk 0.65cvss 10.0epss 0.04

    The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy…

  • CVE-2015-7426CriJan 2, 2016
    risk 0.65cvss 10.0epss 0.03

    The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot)…

  • CVE-2026-8175CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.01

    IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be…

  • CVE-2026-9170CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.00

    IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service and a potential remote code execution due to improper input validation.

  • CVE-2026-8633CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.01

    IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request.

  • CVE-2025-13375CriFeb 4, 2026
    risk 0.64cvss 9.8epss 0.01

    IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.

  • CVE-2018-18202CriOct 10, 2018
    risk 0.64cvss 9.8epss 0.01

    The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password.

  • CVE-2018-1567CriSep 7, 2018
    risk 0.64cvss 9.8epss 0.04

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024.

  • CVE-2013-3000CriJul 9, 2018
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. IBM X-Force ID: 84116.

  • CVE-2018-1457CriJun 27, 2018
    risk 0.64cvss 9.8epss 0.03

    An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208.

  • CVE-2017-1601CriMay 2, 2018
    risk 0.64cvss 9.8epss 0.03

    IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624.

  • CVE-2018-1475CriApr 27, 2018
    risk 0.64cvss 9.8epss 0.02

    IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756.

  • CVE-2018-1418HigApr 26, 2018
    risk 0.64cvss 8.8epss 0.53

    IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824.

  • CVE-2014-6120CriApr 12, 2018
    risk 0.64cvss 9.8epss 0.05

    IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified…

  • CVE-2018-1469CriApr 4, 2018
    risk 0.64cvss 9.8epss 0.03

    IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605.

  • CVE-2017-1789CriMar 22, 2018
    risk 0.64cvss 9.8epss 0.03

    IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.

  • CVE-2018-1372CriFeb 27, 2018
    risk 0.64cvss 9.8epss 0.02

    IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772.

  • CVE-2012-2166CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.03

    IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.

  • CVE-2011-4889CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.03

    The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server,…

  • CVE-2017-1204CriJan 26, 2018
    risk 0.64cvss 9.8epss 0.02

    IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740.

  • CVE-2016-0332CriJan 12, 2018
    risk 0.64cvss 9.8epss 0.02

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695.

  • CVE-2017-1670CriJan 9, 2018
    risk 0.64cvss 9.8epss 0.02

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637.

  • CVE-2017-1710CriNov 13, 2017
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.

  • CVE-2017-1221CriNov 13, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861.

  • CVE-2016-8937CriOct 5, 2017
    risk 0.64cvss 9.8epss 0.02

    The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM…

  • CVE-2017-1376CriAug 29, 2017
    risk 0.64cvss 9.8epss 0.03

    A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873.

  • CVE-2016-8964CriJul 13, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853.

  • CVE-2017-1175CriJul 5, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297.

  • CVE-2017-1269CriJul 5, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744

  • CVE-2017-1197CriJun 15, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672.

  • CVE-2016-6093CriJun 8, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

  • CVE-2017-1196CriJun 7, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671.

  • CVE-2016-6087CriJun 7, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.

  • CVE-2016-0360CriFeb 15, 2017
    risk 0.64cvss 9.8epss 0.03

    IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457.

  • CVE-2016-9005CriFeb 8, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system.

  • CVE-2016-8954CriFeb 8, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.

  • CVE-2016-6095CriFeb 2, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

  • CVE-2016-6090CriFeb 1, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service.

  • CVE-2016-5964CriFeb 1, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

Page 1 of 166