IBM

All CVEs

8,259 total · sorted by risk
  • CVE-2016-0373 · Low · Aug 30, 2018
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119.

  • CVE-2018-1644 · Low · Aug 27, 2018
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another…

  • CVE-2018-1551 · Low · Aug 6, 2018
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.

  • CVE-2017-1559 · Low · Jul 6, 2018
    risk 0.20 · cvss 3.1 · epss 0.01

    Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758.

  • CVE-2018-1393 · Low · Jun 13, 2018
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378.

  • CVE-2017-1765 · Low · Mar 30, 2018
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.

  • CVE-2018-1392 · Low · Feb 22, 2018
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138377.

  • CVE-2016-9697 · Low · Mar 20, 2017
    risk 0.20 · cvss 3.1 · epss 0.01

    An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference #: 1999960.

  • CVE-2017-1150 · Low · Mar 8, 2017
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.

  • CVE-2016-9009 · Low · Feb 24, 2017
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.

  • CVE-2016-6001 · Low · Feb 1, 2017
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.

  • CVE-2016-8942 · Low · Feb 1, 2017
    risk 0.20 · cvss 3.1 · epss 0.00

    IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.

  • CVE-2016-2874 · Low · Nov 30, 2016
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2016-0379 · Low · Sep 26, 2016
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights.

  • CVE-2016-0385 · Low · Sep 1, 2016
    risk 0.20 · cvss 3.1 · epss 0.01

    Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via…

  • CVE-2015-7490 · Low · Mar 3, 2016
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie.

  • CVE-2015-7455 · Low · Feb 29, 2016
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI.

  • CVE-2015-7466 · Low · Jan 10, 2016
    risk 0.20 · cvss 3.1 · epss 0.01

    Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors.

  • CVE-2025-6205 · KEV · Aug 4, 2025
    risk 0.19 · cvss · epss 0.69

    A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.

  • CVE-2023-33833 · Low · Aug 31, 2023
    risk 0.19 · cvss 2.9 · epss 0.00

    IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: 256013.

  • CVE-2017-1124 · Low · Mar 7, 2017
    risk 0.19 · cvss 2.9 · epss 0.00

    IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053.

  • CVE-2026-1272 · Low · Apr 23, 2026
    risk 0.18 · cvss 2.7 · epss 0.00

    IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel.

  • CVE-2025-66487 · Low · Apr 1, 2026
    risk 0.18 · cvss 2.7 · epss 0.00

    IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.

  • CVE-2024-55895 · Low · Mar 29, 2025
    risk 0.18 · cvss 2.7 · epss 0.00

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2024-52905 · Low · Mar 10, 2025
    risk 0.18 · cvss 2.7 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.

  • CVE-2024-45658 · Low · Feb 4, 2025
    risk 0.18 · cvss 2.7 · epss 0.00

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-35122 · Low · Jan 24, 2025
    risk 0.18 · cvss 2.8 · epss 0.00

    IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.

  • CVE-2023-47711 · Low · May 14, 2024
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: 271526.

  • CVE-2022-32756 · Low · Mar 22, 2024
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507.

  • CVE-2021-39008 · Low · Nov 23, 2023
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551.

  • CVE-2022-43891 · Low · Oct 17, 2023
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 240454.

  • CVE-2022-43893 · Low · Oct 17, 2023
    risk 0.18 · cvss 2.7 · epss 0.00

    IBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a malicious payload. IBM X-Force ID: 240634.

  • CVE-2023-35901 · Low · Jul 17, 2023
    risk 0.18 · cvss 2.7 · epss 0.00

    IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.

  • CVE-2023-25923 · Low · Mar 21, 2023
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629.

  • CVE-2023-25689 · Low · Mar 21, 2023
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. …

  • CVE-2021-29846 · Low · Jan 26, 2022
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256.

  • CVE-2021-38894 · Low · Jan 10, 2022
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515.

  • CVE-2021-38973 · Low · Nov 12, 2021
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

  • CVE-2021-20377 · Low · Sep 23, 2021
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.

  • CVE-2021-20523 · Low · Jul 15, 2021
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660

  • CVE-2021-20499 · Low · Jul 15, 2021
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973

  • CVE-2021-20402 · Low · Feb 11, 2021
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196076.

  • CVE-2020-4846 · Low · Dec 17, 2020
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190290.

  • CVE-2019-4699 · Low · Aug 26, 2020
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931.

  • CVE-2020-4548 · Low · Aug 20, 2020
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database.…

  • CVE-2019-4706 · Low · Jul 1, 2020
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016.

  • CVE-2019-4705 · Low · Jul 1, 2020
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015.

  • CVE-2020-4248 · Low · May 28, 2020
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484.

  • CVE-2020-4164 · Low · Apr 8, 2020
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from application errors which could be used in further attacks against the system. IBM X-Force ID: 174400.

  • CVE-2019-4636 · Low · Jan 28, 2020
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013.
