VYPR

Vendor CVEs

IBM

All CVEs

8,258 total · sorted by risk
  • CVE-2019-4349 · Low · Nov 3, 2020
    risk 0.23 · cvss 3.5 · epss 0.00

    IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromise the confidentiality and integrity of the service. IBM X-Force ID: 161486

  • CVE-2019-4616 · Low · Feb 5, 2020
    risk 0.23 · cvss 3.5 · epss 0.00

    IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to…

  • CVE-2019-4271 · Low · Sep 17, 2019
    risk 0.23 · cvss 3.5 · epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.

  • CVE-2018-1917 · Low · Apr 2, 2019
    risk 0.23 · cvss 3.5 · epss 0.01

    IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.

  • CVE-2018-1842 · Low · Nov 9, 2018
    risk 0.23 · cvss 3.6 · epss 0.00

    IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.

  • CVE-2017-1353 · Low · Dec 7, 2017
    risk 0.23 · cvss 3.5 · epss 0.01

    IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680.

  • CVE-2016-3009 · Low · Nov 30, 2016
    risk 0.23 · cvss 3.5 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page.

  • CVE-2016-2998 · Low · Sep 1, 2016
    risk 0.23 · cvss 3.5 · epss 0.00

    Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data.

  • CVE-2015-4962 · Low · Jan 3, 2016
    risk 0.23 · cvss 3.5 · epss 0.00

    Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x…

  • CVE-2016-0643 · Low · Apr 21, 2016
    risk 0.22 · cvss 3.3 · epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.

  • CVE-2025-0759 · Low · Feb 27, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due to improper shared resource synchronization.

  • CVE-2024-56812 · Low · Feb 27, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-56811 · Low · Feb 27, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-56810 · Low · Feb 27, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-56496 · Low · Feb 27, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-56495 · Low · Feb 27, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-56494 · Low · Feb 27, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-56493 · Low · Feb 27, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-45674 · Low · Feb 22, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a…

  • CVE-2024-56467 · Low · Feb 6, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2023-35022 · Low · Jun 30, 2024
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.

  • CVE-2024-31870 · Low · Jun 15, 2024
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that…

  • CVE-2024-22333 · Low · Jun 13, 2024
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.

  • CVE-2023-26279 · Low · Nov 24, 2023
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.

  • CVE-2023-35018 · Low · Oct 16, 2023
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Security Verify Governance 10.0 could allow a privileged user to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382.

  • CVE-2022-42442 · Low · Nov 3, 2022
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214.

  • CVE-2022-22314 · Low · Sep 8, 2022
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371.

  • CVE-2022-22326 · Low · Aug 1, 2022
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856.

  • CVE-2021-20551 · Low · Jun 24, 2022
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149.

  • CVE-2022-22426 · Low · Jun 10, 2022
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized…

  • CVE-2020-4951 · Low · Oct 15, 2021
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.

  • CVE-2020-4809 · Low · Sep 23, 2021
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633.

  • CVE-2020-4805 · Low · Sep 23, 2021
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.

  • CVE-2020-4803 · Low · Sep 23, 2021
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535.

  • CVE-2021-20478 · Low · Jul 20, 2021
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497.

  • CVE-2021-20396 · Low · Jun 11, 2021
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.

  • CVE-2021-20575 · Low · Jun 1, 2021
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.

  • CVE-2020-4765 · Low · May 19, 2021
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902.

  • CVE-2021-20391 · Low · May 14, 2021
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.

  • CVE-2021-29671 · Low · Apr 9, 2021
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.

  • CVE-2020-4726 · Low · Mar 2, 2021
    risk 0.21 · cvss 3.3 · epss 0.00

    The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975.

  • CVE-2020-4889 · Low · Jan 26, 2021
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.

  • CVE-2020-4906 · Low · Dec 16, 2020
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.

  • CVE-2020-4886 · Low · Nov 13, 2020
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.

  • CVE-2020-4650 · Low · Nov 9, 2020
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.

  • CVE-2020-4629 · Low · Sep 30, 2020
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.

  • CVE-2020-4344 · Low · Sep 15, 2020
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.

  • CVE-2020-4591 · Low · Aug 28, 2020
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746.

  • CVE-2019-4695 · Low · Aug 26, 2020
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926.

  • CVE-2020-4371 · Low · Jul 22, 2020
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used to aid a local user in further attacks against the system. IBM X-Force ID: 179008.

Page 102 of 166