IBM

All CVEs

8,259 total · sorted by risk
  • CVE-2019-4635 · Low · Jan 28, 2020
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to improper input neutralization of special elements. IBM X-Force ID: 170011.

  • CVE-2018-1991 · Low · May 22, 2019
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM API Connect 5.0.0.0 and 5.0.8.6 could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.

  • CVE-2018-1380 · Low · Oct 29, 2018
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change their ca-id to another user's and read sensitive information. IBM X-Force ID: 138077.

  • CVE-2016-0369 · Low · Feb 21, 2018
    risk 0.18 · cvss 2.7 · epss 0.01

    XML external entity (XXE) vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088.

  • CVE-2016-5979 · Low · May 15, 2017
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the new instance not accessible for the intended user. IBM X-Force ID: 116379.

  • CVE-2015-7494 · Low · Feb 8, 2017
    risk 0.18 · cvss 2.8 · epss 0.00

    A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain…

  • CVE-2016-3046 · Low · Feb 1, 2017
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database.

  • CVE-2016-3021 · Low · Feb 1, 2017
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.

  • CVE-2016-2947 · Low · Nov 25, 2016
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0…

  • CVE-2016-0370 · Low · Sep 1, 2016
    risk 0.18 · cvss 2.7 · epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product.

  • CVE-2016-2870 · Low · Jul 2, 2016
    risk 0.18 · cvss 2.7 · epss 0.02

    Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors.

  • CVE-2016-2868 · Low · Jul 2, 2016
    risk 0.18 · cvss 2.7 · epss 0.01

    IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  • CVE-2023-46159 · Low · Feb 2, 2024
    risk 0.17 · cvss 2.6 · epss 0.01

    IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906.

  • CVE-2015-4961 · Low · Nov 24, 2016
    risk 0.17 · cvss 2.6 · epss 0.00

    IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections between internal servers,…

  • CVE-2025-0895 · Low · Mar 2, 2025
    risk 0.16 · cvss 2.4 · epss 0.00

    IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages.

  • CVE-2024-28766 · Low · Jan 27, 2025
    risk 0.16 · cvss 2.4 · epss 0.00

    IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.

  • CVE-2023-37395 · Low · Dec 11, 2024
    risk 0.16 · cvss 2.5 · epss 0.00

    IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.

  • CVE-2024-37533 · Low · Jul 24, 2024
    risk 0.16 · cvss 2.4 · epss 0.00

    IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.

  • CVE-2023-37396 · Low · Apr 19, 2024
    risk 0.16 · cvss 2.5 · epss 0.00

    IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.

  • CVE-2023-50955 · Low · Feb 21, 2024
    risk 0.16 · cvss 2.4 · epss 0.01

    IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.

  • CVE-2022-22348 · Low · Mar 14, 2022
    risk 0.16 · cvss 2.4 · epss 0.00

    IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then…

  • CVE-2019-4352 · Low · Feb 16, 2022
    risk 0.16 · cvss 2.4 · epss 0.00

    IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of the application source code. IBM X-Force ID: 161494.

  • CVE-2020-4811 · Low · May 14, 2021
    risk 0.16 · cvss 2.4 · epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject malicious data using a specially crafted HTTP request due to improper input validation.

  • CVE-2019-4266 · Low · May 6, 2020
    risk 0.16 · cvss 2.4 · epss 0.00

    IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160199.

  • CVE-2020-4197 · Low · Mar 3, 2020
    risk 0.16 · cvss 2.4 · epss 0.00

    IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908.

  • CVE-2019-4265 · Low · Oct 10, 2019
    risk 0.16 · cvss 2.4 · epss 0.00

    IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.

  • CVE-2017-1544 · Low · Jul 20, 2018
    risk 0.16 · cvss 2.4 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812.

  • CVE-2017-1211 · Low · Oct 24, 2017
    risk 0.16 · cvss 2.5 · epss 0.00

    IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851.

  • CVE-2017-1346 · Low · Sep 25, 2017
    risk 0.16 · cvss 2.5 · epss 0.00

    IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461.

  • CVE-2017-1144 · Low · Jul 5, 2017
    risk 0.16 · cvss 2.5 · epss 0.00

    IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.

  • CVE-2016-9703 · Low · Feb 1, 2017
    risk 0.16 · cvss 2.4 · epss 0.00

    IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.

  • CVE-2016-5992 · Low · Nov 25, 2016
    risk 0.16 · cvss 2.5 · epss 0.00

    IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.

  • CVE-2016-2894 · Low · Jul 3, 2016
    risk 0.16 · cvss 2.5 · epss 0.00

    IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink…

  • CVE-2016-0259 · Low · Jun 26, 2016
    risk 0.16 · cvss 2.5 · epss 0.00

    runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.

  • CVE-2015-7473 · Low · Jun 26, 2016
    risk 0.16 · cvss 2.5 · epss 0.00

    runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.

  • CVE-2015-7436 · Low · Jan 2, 2016
    risk 0.16 · cvss 2.5 · epss 0.00

    IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across…

  • CVE-2015-7435 · Low · Jan 2, 2016
    risk 0.16 · cvss 2.5 · epss 0.00

    IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the…

  • CVE-2023-35013 · Low · Oct 16, 2023
    risk 0.15 · cvss 2.3 · epss 0.00

    IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.

  • CVE-2022-35720 · Low · Feb 8, 2023
    risk 0.15 · cvss 2.3 · epss 0.00

    IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

  • CVE-2021-29759 · Low · Jul 7, 2021
    risk 0.15 · cvss 2.3 · epss 0.00

    IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.

  • CVE-2020-4787 · Low · Jan 27, 2021
    risk 0.15 · cvss 2.3 · epss 0.00

    IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration…

  • CVE-2018-1725 · Low · Nov 5, 2020
    risk 0.15 · cvss 2.3 · epss 0.00

    IBM QRadar SIEM 7.3 and 7.4 in a multi-tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440.

  • CVE-2019-4666 · Low · Feb 13, 2020
    risk 0.15 · cvss 2.3 · epss 0.00

    IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248.

  • CVE-2019-4394 · Low · Oct 25, 2019
    risk 0.15 · cvss 2.3 · epss 0.00

    IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.

  • CVE-2022-42443 · Low · Feb 17, 2024
    risk 0.14 · cvss 2.2 · epss 0.00

    An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535.

  • CVE-2021-20406 · Low · Feb 12, 2021
    risk 0.14 · cvss 2.2 · epss 0.00

    IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184.

  • CVE-2019-4048 · Low · Jun 6, 2019
    risk 0.14 · cvss 2.1 · epss 0.00

    IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.

  • CVE-2016-3002 · Low · Nov 30, 2016
    risk 0.14 · cvss 2.1 · epss 0.00

    IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.

  • CVE-2025-6204 · KEV · Aug 4, 2025
    risk 0.13 · cvss · epss 0.75

    An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

  • CVE-2024-55907 · Low · Mar 2, 2025
    risk 0.13 · cvss 2.0 · epss 0.00

    IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation.
