Vendor CVEs
IBM
All CVEs
8,258 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-4349 | Low | 0.23 | 3.5 | 0.00 | Nov 3, 2020 | IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromise the confidentiality and integrity of the service. IBM X-Force ID: 161486 | ||
| CVE-2019-4616 | Low | 0.23 | 3.5 | 0.00 | Feb 5, 2020 | IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to… | ||
| CVE-2019-4271 | Low | 0.23 | 3.5 | 0.01 | Sep 17, 2019 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. | ||
| CVE-2018-1917 | Low | 0.23 | 3.5 | 0.01 | Apr 2, 2019 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784. | ||
| CVE-2018-1842 | Low | 0.23 | 3.6 | 0.00 | Nov 9, 2018 | IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902. | ||
| CVE-2017-1353 | Low | 0.23 | 3.5 | 0.01 | Dec 7, 2017 | IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680. | ||
| CVE-2016-3009 | Low | 0.23 | 3.5 | 0.01 | Nov 30, 2016 | Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page. | ||
| CVE-2016-2998 | Low | 0.23 | 3.5 | 0.00 | Sep 1, 2016 | Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data. | ||
| CVE-2015-4962 | Low | 0.23 | 3.5 | 0.00 | Jan 3, 2016 | Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x… | ||
| CVE-2016-0643 | Low | 0.22 | 3.3 | 0.02 | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML. | ||
| CVE-2025-0759 | Low | 0.21 | 3.3 | 0.00 | Feb 27, 2025 | IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due to improper shared resource synchronization. | ||
| CVE-2024-56812 | Low | 0.21 | 3.3 | 0.00 | Feb 27, 2025 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||
| CVE-2024-56811 | Low | 0.21 | 3.3 | 0.00 | Feb 27, 2025 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||
| CVE-2024-56810 | Low | 0.21 | 3.3 | 0.00 | Feb 27, 2025 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||
| CVE-2024-56496 | Low | 0.21 | 3.3 | 0.00 | Feb 27, 2025 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||
| CVE-2024-56495 | Low | 0.21 | 3.3 | 0.00 | Feb 27, 2025 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||
| CVE-2024-56494 | Low | 0.21 | 3.3 | 0.00 | Feb 27, 2025 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||
| CVE-2024-56493 | Low | 0.21 | 3.3 | 0.00 | Feb 27, 2025 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||
| CVE-2024-45674 | Low | 0.21 | 3.3 | 0.00 | Feb 22, 2025 | IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a… | ||
| CVE-2024-56467 | Low | 0.21 | 3.3 | 0.00 | Feb 6, 2025 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||
| CVE-2023-35022 | Low | 0.21 | 3.3 | 0.00 | Jun 30, 2024 | IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254. | ||
| CVE-2024-31870 | Low | 0.21 | 3.3 | 0.00 | Jun 15, 2024 | IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that… | ||
| CVE-2024-22333 | Low | 0.21 | 3.3 | 0.00 | Jun 13, 2024 | IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973. | ||
| CVE-2023-26279 | Low | 0.21 | 3.3 | 0.00 | Nov 24, 2023 | IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160. | ||
| CVE-2023-35018 | Low | 0.21 | 3.3 | 0.00 | Oct 16, 2023 | IBM Security Verify Governance 10.0 could allow a privileged user to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382. | ||
| CVE-2022-42442 | Low | 0.21 | 3.3 | 0.00 | Nov 3, 2022 | IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214. | ||
| CVE-2022-22314 | Low | 0.21 | 3.3 | 0.00 | Sep 8, 2022 | IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371. | ||
| CVE-2022-22326 | Low | 0.21 | 3.3 | 0.00 | Aug 1, 2022 | IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856. | ||
| CVE-2021-20551 | Low | 0.21 | 3.3 | 0.00 | Jun 24, 2022 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149. | ||
| CVE-2022-22426 | Low | 0.21 | 3.3 | 0.00 | Jun 10, 2022 | IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized… | ||
| CVE-2020-4951 | Low | 0.21 | 3.3 | 0.00 | Oct 15, 2021 | IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information. | ||
| CVE-2020-4809 | Low | 0.21 | 3.3 | 0.00 | Sep 23, 2021 | IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633. | ||
| CVE-2020-4805 | Low | 0.21 | 3.3 | 0.00 | Sep 23, 2021 | IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. | ||
| CVE-2020-4803 | Low | 0.21 | 3.3 | 0.00 | Sep 23, 2021 | IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. | ||
| CVE-2021-20478 | Low | 0.21 | 3.3 | 0.00 | Jul 20, 2021 | IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497. | ||
| CVE-2021-20396 | Low | 0.21 | 3.3 | 0.00 | Jun 11, 2021 | IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009. | ||
| CVE-2021-20575 | Low | 0.21 | 3.3 | 0.00 | Jun 1, 2021 | IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. | ||
| CVE-2020-4765 | Low | 0.21 | 3.3 | 0.00 | May 19, 2021 | IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902. | ||
| CVE-2021-20391 | Low | 0.21 | 3.3 | 0.00 | May 14, 2021 | IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999. | ||
| CVE-2021-29671 | Low | 0.21 | 3.3 | 0.00 | Apr 9, 2021 | IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478. | ||
| CVE-2020-4726 | Low | 0.21 | 3.3 | 0.00 | Mar 2, 2021 | The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975. | ||
| CVE-2020-4889 | Low | 0.21 | 3.3 | 0.00 | Jan 26, 2021 | IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971. | ||
| CVE-2020-4906 | Low | 0.21 | 3.3 | 0.00 | Dec 16, 2020 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system. | ||
| CVE-2020-4886 | Low | 0.21 | 3.3 | 0.00 | Nov 13, 2020 | IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910. | ||
| CVE-2020-4650 | Low | 0.21 | 3.3 | 0.00 | Nov 9, 2020 | IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023. | ||
| CVE-2020-4629 | Low | 0.21 | 3.3 | 0.00 | Sep 30, 2020 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370. | ||
| CVE-2020-4344 | Low | 0.21 | 3.3 | 0.00 | Sep 15, 2020 | IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. | ||
| CVE-2020-4591 | Low | 0.21 | 3.3 | 0.00 | Aug 28, 2020 | IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746. | ||
| CVE-2019-4695 | Low | 0.21 | 3.3 | 0.00 | Aug 26, 2020 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. | ||
| CVE-2020-4371 | Low | 0.21 | 3.3 | 0.00 | Jul 22, 2020 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used to aid a local user in further attacks against the system. IBM X-Force ID: 179008. |