Vendor CVEs
IBM
All CVEs
8,259 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9749 | Med | 0.26 | 4.0 | 0.00 | Nov 9, 2018 | IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206. | ||
| CVE-2016-0234 | Med | 0.26 | 4.0 | 0.00 | Aug 30, 2018 | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303. | ||
| CVE-2018-1655 | Med | 0.26 | 4.0 | 0.00 | Jun 22, 2018 | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. | ||
| CVE-2017-1733 | Med | 0.26 | 4.0 | 0.00 | Apr 4, 2018 | IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914. | ||
| CVE-2017-1756 | Med | 0.26 | 4.0 | 0.00 | Mar 30, 2018 | IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856. | ||
| CVE-2017-1654 | Med | 0.26 | 4.0 | 0.00 | Mar 2, 2018 | IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378. | ||
| CVE-2017-1773 | Med | 0.26 | 4.0 | 0.00 | Jan 31, 2018 | IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817. | ||
| CVE-2017-1783 | Med | 0.26 | 4.0 | 0.00 | Jan 29, 2018 | IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857. | ||
| CVE-2016-0382 | Med | 0.26 | 4.0 | 0.00 | May 3, 2017 | The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356. | ||
| CVE-2016-6097 | Med | 0.26 | 4.0 | 0.00 | Feb 7, 2017 | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. | ||
| CVE-2016-3024 | Med | 0.26 | 4.0 | 0.00 | Feb 1, 2017 | IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. | ||
| CVE-2015-4991 | Med | 0.26 | 4.0 | 0.00 | Feb 15, 2016 | IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file. | ||
| CVE-2015-2012 | Med | 0.26 | 4.0 | 0.00 | Feb 8, 2016 | The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading… | ||
| CVE-2015-7416 | Med | 0.26 | 4.0 | 0.01 | Jan 2, 2016 | AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file. | ||
| CVE-2015-7403 | Med | 0.26 | 4.0 | 0.00 | Jan 2, 2016 | IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors. | ||
| CVE-2015-4990 | Med | 0.26 | 4.0 | 0.00 | Jan 2, 2016 | The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges… | ||
| CVE-2025-2987 | Low | 0.25 | 3.8 | 0.00 | Apr 22, 2025 | IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||
| CVE-2023-22591 | Low | 0.25 | 3.9 | 0.00 | Mar 15, 2023 | IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710. | ||
| CVE-2022-22450 | Low | 0.25 | 3.8 | 0.01 | Jul 14, 2022 | IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916. | ||
| CVE-2020-4919 | Low | 0.25 | 3.8 | 0.01 | Jan 4, 2021 | IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395. | ||
| CVE-2018-2412 | Low | 0.25 | 3.8 | 0.01 | Apr 10, 2018 | SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||
| CVE-2016-0281 | Low | 0.25 | 3.7 | 0.08 | Aug 8, 2016 | The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. | ||
| CVE-2025-25046 | Low | 0.24 | 3.7 | 0.00 | Apr 23, 2025 | IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques. | ||
| CVE-2024-41760 | Low | 0.24 | 3.7 | 0.00 | Mar 11, 2025 | IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations. | ||
| CVE-2021-20455 | Low | 0.24 | 3.7 | 0.00 | Jan 7, 2025 | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||
| CVE-2024-49820 | Low | 0.24 | 3.7 | 0.00 | Dec 17, 2024 | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive… | ||
| CVE-2024-43173 | Low | 0.24 | 3.7 | 0.00 | Oct 22, 2024 | IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | ||
| CVE-2022-43845 | Low | 0.24 | 3.7 | 0.00 | Sep 25, 2024 | IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. | ||
| CVE-2022-33167 | Low | 0.24 | 3.7 | 0.00 | Jul 30, 2024 | IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive… | ||
| CVE-2023-23474 | Low | 0.24 | 3.7 | 0.00 | May 3, 2024 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403. | ||
| CVE-2023-33855 | Low | 0.24 | 3.7 | 0.00 | Mar 26, 2024 | Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: … | ||
| CVE-2023-32335 | Low | 0.24 | 3.7 | 0.01 | Mar 13, 2024 | IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM… | ||
| CVE-2023-50328 | Low | 0.24 | 3.7 | 0.01 | Feb 2, 2024 | IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. | ||
| CVE-2023-50950 | Low | 0.24 | 3.7 | 0.00 | Jan 17, 2024 | IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709. | ||
| CVE-2022-43892 | Low | 0.24 | 3.7 | 0.00 | Oct 17, 2023 | IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. IBM X-Force ID: 240455. | ||
| CVE-2022-33160 | Low | 0.24 | 3.7 | 0.00 | Oct 6, 2023 | IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568. | ||
| CVE-2023-38718 | Low | 0.24 | 3.7 | 0.00 | Sep 20, 2023 | IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606. | ||
| CVE-2023-40370 | Low | 0.24 | 3.7 | 0.00 | Aug 22, 2023 | IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470. | ||
| CVE-2023-29259 | Low | 0.24 | 3.7 | 0.00 | Jul 19, 2023 | IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055. | ||
| CVE-2023-33847 | Low | 0.24 | 3.7 | 0.01 | Jun 8, 2023 | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting… | ||
| CVE-2023-33849 | Low | 0.24 | 3.7 | 0.00 | Jun 7, 2023 | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105. | ||
| CVE-2023-32334 | Low | 0.24 | 3.7 | 0.01 | Jun 5, 2023 | IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM… | ||
| CVE-2022-22462 | Low | 0.24 | 3.7 | 0.00 | Jan 26, 2023 | IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078. | ||
| CVE-2022-40228 | Low | 0.24 | 3.7 | 0.00 | Nov 22, 2022 | IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM… | ||
| CVE-2022-34316 | Low | 0.24 | 3.7 | 0.01 | Nov 14, 2022 | IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452. | ||
| CVE-2003-5002 | Low | 0.24 | 3.7 | 0.00 | Mar 28, 2022 | A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported… | ||
| CVE-2020-4243 | Low | 0.24 | 3.7 | 0.01 | Aug 5, 2020 | IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420. | ||
| CVE-2019-4638 | Low | 0.24 | 3.7 | 0.01 | Jan 28, 2020 | IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044. | ||
| CVE-2019-4214 | Low | 0.24 | 3.7 | 0.00 | Nov 22, 2019 | IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185. | ||
| CVE-2019-4171 | Low | 0.24 | 3.7 | 0.01 | Sep 17, 2019 | IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876. |
- risk 0.26cvss 4.0epss 0.00
IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.
- risk 0.26cvss 4.0epss 0.00
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.
- risk 0.26cvss 4.0epss 0.00
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.
- risk 0.26cvss 4.0epss 0.00
IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.
- risk 0.26cvss 4.0epss 0.00
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.
- risk 0.26cvss 4.0epss 0.00
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.
- risk 0.26cvss 4.0epss 0.00
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.
- risk 0.26cvss 4.0epss 0.00
IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.
- risk 0.26cvss 4.0epss 0.00
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356.
- risk 0.26cvss 4.0epss 0.00
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.
- risk 0.26cvss 4.0epss 0.00
IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.
- risk 0.26cvss 4.0epss 0.00
IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file.
- risk 0.26cvss 4.0epss 0.00
The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading…
- risk 0.26cvss 4.0epss 0.01
AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file.
- risk 0.26cvss 4.0epss 0.00
IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.
- risk 0.26cvss 4.0epss 0.00
The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges…
- risk 0.25cvss 3.8epss 0.00
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
- risk 0.25cvss 3.9epss 0.00
IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.
- risk 0.25cvss 3.8epss 0.01
IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.
- risk 0.25cvss 3.8epss 0.01
IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.
- risk 0.25cvss 3.8epss 0.01
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
- risk 0.25cvss 3.7epss 0.08
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
- risk 0.24cvss 3.7epss 0.00
IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.
- risk 0.24cvss 3.7epss 0.00
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.
- risk 0.24cvss 3.7epss 0.00
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
- risk 0.24cvss 3.7epss 0.00
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive…
- risk 0.24cvss 3.7epss 0.00
IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.
- risk 0.24cvss 3.7epss 0.00
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
- risk 0.24cvss 3.7epss 0.00
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive…
- risk 0.24cvss 3.7epss 0.00
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.
- risk 0.24cvss 3.7epss 0.00
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: …
- risk 0.24cvss 3.7epss 0.01
IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM…
- risk 0.24cvss 3.7epss 0.01
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.
- risk 0.24cvss 3.7epss 0.00
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709.
- risk 0.24cvss 3.7epss 0.00
IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. IBM X-Force ID: 240455.
- risk 0.24cvss 3.7epss 0.00
IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568.
- risk 0.24cvss 3.7epss 0.00
IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.
- risk 0.24cvss 3.7epss 0.00
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.
- risk 0.24cvss 3.7epss 0.00
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.
- risk 0.24cvss 3.7epss 0.01
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting…
- risk 0.24cvss 3.7epss 0.00
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.
- risk 0.24cvss 3.7epss 0.01
IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM…
- risk 0.24cvss 3.7epss 0.00
IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078.
- risk 0.24cvss 3.7epss 0.00
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM…
- risk 0.24cvss 3.7epss 0.01
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.
- risk 0.24cvss 3.7epss 0.00
A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported…
- risk 0.24cvss 3.7epss 0.01
IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420.
- risk 0.24cvss 3.7epss 0.01
IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044.
- risk 0.24cvss 3.7epss 0.00
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.
- risk 0.24cvss 3.7epss 0.01
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.
Page 100 of 166