VYPR

Vendor CVEs

IBM

All CVEs

8,258 total · sorted by risk
  • CVE-2017-1272 · Low · Dec 17, 2018
    risk 0.24 · cvss 3.7 · epss 0.02

    IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747.

  • CVE-2017-1265 · Low · Dec 17, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740.

  • CVE-2018-1804 · Low · Dec 13, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID:…

  • CVE-2018-1484 · Low · Dec 12, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to.…

  • CVE-2018-1481 · Low · Dec 12, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 140763.

  • CVE-2017-1622 · Low · Dec 5, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 133120.

  • CVE-2018-1593 · Low · Oct 2, 2018
    risk 0.24 · cvss 3.7 · epss 0.00

    IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568.

  • CVE-2018-1509 · Low · Oct 2, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a…

  • CVE-2016-2922 · Low · Aug 13, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to…

  • CVE-2017-1367 · Low · Jul 13, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.…

  • CVE-2017-1488 · Low · Jul 6, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.

  • CVE-2018-1419 · Low · Jun 15, 2018
    risk 0.24 · cvss 3.7 · epss 0.02

    IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.

  • CVE-2018-1369 · Low · May 29, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767.

  • CVE-2016-0366 · Low · Feb 21, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 112071.

  • CVE-2016-0351 · Low · Feb 21, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.…

  • CVE-2017-1669 · Low · Jan 4, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636.

  • CVE-2017-1497 · Low · Dec 7, 2017
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695.

  • CVE-2017-1355 · Low · Dec 7, 2017
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126682.

  • CVE-2017-1341 · Low · Dec 7, 2017
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.

  • CVE-2017-1228 · Low · Oct 26, 2017
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using…

  • CVE-2017-1520 · Low · Sep 12, 2017
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.

  • CVE-2016-0238 · Low · Jul 5, 2017
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409.

  • CVE-2016-6102 · Low · Mar 27, 2017
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359.

  • CVE-2016-5953 · Low · Feb 1, 2017
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL.

  • CVE-2016-3045 · Low · Feb 1, 2017
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.

  • CVE-2016-0297 · Low · Feb 1, 2017
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.

  • CVE-2016-2953 · Low · Nov 30, 2016
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.

  • CVE-2016-2952 · Low · Nov 30, 2016
    risk 0.24 · cvss 3.7 · epss 0.02

    IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.

  • CVE-2016-2951 · Low · Nov 30, 2016
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.

  • CVE-2016-0378 · Low · Nov 24, 2016
    risk 0.24 · cvss 3.7 · epss 0.02

    IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception.

  • CVE-2016-0372 · Low · Nov 24, 2016
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5;…

  • CVE-2016-0353 · Low · Nov 24, 2016
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an…

  • CVE-2016-0240 · Low · Oct 22, 2016
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.

  • CVE-2016-0248 · Low · Sep 26, 2016
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors.

  • CVE-2016-0266 · Low · Aug 8, 2016
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-5444 · Low · Jul 21, 2016
    risk 0.24 · cvss 3.7 · epss 0.04

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

  • CVE-2016-3452 · Low · Jul 21, 2016
    risk 0.24 · cvss 3.7 · epss 0.04

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security:…

  • CVE-2016-2861 · Low · Jul 2, 2016
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2016-0208 · Low · Mar 14, 2016
    risk 0.24 · cvss 3.7 · epss 0.01

    IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors.

  • CVE-2015-7408 · Low · Feb 15, 2016
    risk 0.24 · cvss 3.7 · epss 0.01

    The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.

  • CVE-2015-4989 · Low · Jan 2, 2016
    risk 0.24 · cvss 3.7 · epss 0.01

    The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an…

  • CVE-2015-7421 · Low · Jan 1, 2016
    risk 0.24 · cvss 3.7 · epss 0.02

    Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420.

  • CVE-2015-7420 · Low · Jan 1, 2016
    risk 0.24 · cvss 3.7 · epss 0.02

    Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.

  • CVE-2024-30106 · Low · Oct 28, 2024
    risk 0.23 · cvss 3.5 · epss 0.00

    HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.

  • CVE-2023-37541 · Low · Jun 25, 2024
    risk 0.23 · cvss 3.5 · epss 0.00

    HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.

  • CVE-2023-37397 · Low · Apr 19, 2024
    risk 0.23 · cvss 3.6 · epss 0.00

    IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.

  • CVE-2024-30107 · Low · Apr 18, 2024
    risk 0.23 · cvss 3.5 · epss 0.00

    HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.

  • CVE-2024-23557 · Low · Apr 18, 2024
    risk 0.23 · cvss 3.5 · epss 0.00

    HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack.

  • CVE-2021-20534 · Low · Jul 15, 2021
    risk 0.23 · cvss 3.5 · epss 0.01

    IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to…

  • CVE-2020-4725 · Low · Mar 2, 2021
    risk 0.23 · cvss 3.5 · epss 0.01

    IBM Monitoring (IBM Cloud APM 8.1.4) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974.
