IBM

All CVEs

8,259 total · sorted by risk
  • CVE-2016-9749 · Med · Nov 9, 2018
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.

  • CVE-2016-0234 · Med · Aug 30, 2018
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.

  • CVE-2018-1655 · Med · Jun 22, 2018
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.

  • CVE-2017-1733 · Med · Apr 4, 2018
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.

  • CVE-2017-1756 · Med · Mar 30, 2018
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.

  • CVE-2017-1654 · Med · Mar 2, 2018
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.

  • CVE-2017-1773 · Med · Jan 31, 2018
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM DataPower Gateways 7.1, 7.2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.

  • CVE-2017-1783 · Med · Jan 29, 2018
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.

  • CVE-2016-0382 · Med · May 3, 2017
    risk 0.26 · cvss 4.0 · epss 0.00

    The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356.

  • CVE-2016-6097 · Med · Feb 7, 2017
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.

  • CVE-2016-3024 · Med · Feb 1, 2017
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.

  • CVE-2015-4991 · Med · Feb 15, 2016
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file.

  • CVE-2015-2012 · Med · Feb 8, 2016
    risk 0.26 · cvss 4.0 · epss 0.00

    The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading…

  • CVE-2015-7416 · Med · Jan 2, 2016
    risk 0.26 · cvss 4.0 · epss 0.01

    AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file.

  • CVE-2015-7403 · Med · Jan 2, 2016
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.

  • CVE-2015-4990 · Med · Jan 2, 2016
    risk 0.26 · cvss 4.0 · epss 0.00

    The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges…

  • CVE-2025-2987 · Low · Apr 22, 2025
    risk 0.25 · cvss 3.8 · epss 0.00

    IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

  • CVE-2023-22591 · Low · Mar 15, 2023
    risk 0.25 · cvss 3.9 · epss 0.00

    IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens not being invalidated after a password reset. IBM X-Force ID: 243710.

  • CVE-2022-22450 · Low · Jul 14, 2022
    risk 0.25 · cvss 3.8 · epss 0.01

    IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.

  • CVE-2020-4919 · Low · Jan 4, 2021
    risk 0.25 · cvss 3.8 · epss 0.01

    IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.

  • CVE-2018-2412 · Low · Apr 10, 2018
    risk 0.25 · cvss 3.8 · epss 0.01

    SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

  • CVE-2016-0281 · Low · Aug 8, 2016
    risk 0.25 · cvss 3.7 · epss 0.08

    The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.

  • CVE-2025-25046 · Low · Apr 23, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.

  • CVE-2024-41760 · Low · Mar 11, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.

  • CVE-2021-20455 · Low · Jan 7, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2024-49820 · Low · Dec 17, 2024
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive…

  • CVE-2024-43173 · Low · Oct 22, 2024
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Concert 1.0.0 and 1.0.1 is vulnerable to attacks that rely on the use of cookies without the SameSite attribute.

  • CVE-2022-43845 · Low · Sep 25, 2024
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.

  • CVE-2022-33167 · Low · Jul 30, 2024
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive…

  • CVE-2023-23474 · Low · May 3, 2024
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.

  • CVE-2023-33855 · Low · Mar 26, 2024
    risk 0.24 · cvss 3.7 · epss 0.00

    Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: …

  • CVE-2023-32335 · Low · Mar 13, 2024
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM…

  • CVE-2023-50328 · Low · Feb 2, 2024
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.

  • CVE-2023-50950 · Low · Jan 17, 2024
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709.

  • CVE-2022-43892 · Low · Oct 17, 2023
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. IBM X-Force ID: 240455.

  • CVE-2022-33160 · Low · Oct 6, 2023
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568.

  • CVE-2023-38718 · Low · Sep 20, 2023
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.

  • CVE-2023-40370 · Low · Aug 22, 2023
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.

  • CVE-2023-29259 · Low · Jul 19, 2023
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.

  • CVE-2023-33847 · Low · Jun 8, 2023
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting…

  • CVE-2023-33849 · Low · Jun 7, 2023
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.

  • CVE-2023-32334 · Low · Jun 5, 2023
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM…

  • CVE-2022-22462 · Low · Jan 26, 2023
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078.

  • CVE-2022-40228 · Low · Nov 22, 2022
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM…

  • CVE-2022-34316 · Low · Nov 14, 2022
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.

  • CVE-2003-5002 · Low · Mar 28, 2022
    risk 0.24 · cvss 3.7 · epss 0.00

    A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported…

  • CVE-2020-4243 · Low · Aug 5, 2020
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420.

  • CVE-2019-4638 · Low · Jan 28, 2020
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044.

  • CVE-2019-4214 · Low · Nov 22, 2019
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.

  • CVE-2019-4171 · Low · Sep 17, 2019
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.
