VYPR

Vendor CVEs

IBM

All CVEs

8,264 total · sorted by risk
  • CVE-2021-39081 · Dec 19, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

  • CVE-2021-29827 · Dec 18, 2024
    risk 0.00 · cvss · epss 0.00

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch…

  • CVE-2021-20553 · Dec 18, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2024-51470 · Dec 18, 2024
    risk 0.00 · cvss · epss 0.01

    IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.

  • CVE-2024-25042 · Dec 18, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.

  • CVE-2024-45082 · Dec 18, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to…

  • CVE-2024-41752 · Dec 18, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

  • CVE-2024-52361 · Dec 18, 2024
    risk 0.00 · cvss · epss 0.01

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod.

  • CVE-2023-50956 · Dec 18, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.

  • CVE-2024-47119 · Dec 18, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.

  • CVE-2024-47104 · Dec 18, 2024
    risk 0.00 · cvss · epss 0.00

    IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can…

  • CVE-2024-49816 · Dec 17, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

  • CVE-2024-49820 · Dec 17, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive…

  • CVE-2024-49819 · Dec 17, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

  • CVE-2024-49818 · Dec 17, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2024-49817 · Dec 17, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.

  • CVE-2024-31891 · Dec 14, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system.

  • CVE-2024-31892 · Dec 14, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.

  • CVE-2024-52901 · Dec 12, 2024
    risk 0.00 · cvss · epss 0.01

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to cause the GUI to not load or to stop working due to improper input validation.

  • CVE-2024-51460 · Dec 11, 2024
    risk 0.00 · cvss · epss 0.00

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.

  • CVE-2023-23472 · Dec 11, 2024
    risk 0.00 · cvss · epss 0.00

    IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

  • CVE-2023-37395 · Dec 11, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.

  • CVE-2024-35117 · Dec 11, 2024
    risk 0.00 · cvss · epss 0.00

    IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.

  • CVE-2024-47117 · Dec 10, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2024-47107 · Dec 7, 2024
    risk 0.00 · cvss · epss 0.00

    IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2024-41762 · Dec 7, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

  • CVE-2024-37071 · Dec 7, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.

  • CVE-2024-47115 · Dec 7, 2024
    risk 0.00 · cvss · epss 0.00

    IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input.

  • CVE-2024-51465 · Dec 4, 2024
    risk 0.00 · cvss · epss 0.01

    IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

  • CVE-2024-41775 · Dec 3, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

  • CVE-2024-25020 · Dec 3, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to…

  • CVE-2024-41776 · Dec 3, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2024-41777 · Dec 3, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

  • CVE-2024-45676 · Dec 3, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction.

  • CVE-2024-25036 · Dec 3, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.

  • CVE-2024-25035 · Dec 3, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.

  • CVE-2024-40691 · Dec 3, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to…

  • CVE-2024-25019 · Dec 3, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to…

  • CVE-2021-29892 · Dec 3, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2024-49804 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.

  • CVE-2024-49806 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

  • CVE-2024-49805 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

  • CVE-2024-49803 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.01

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

  • CVE-2024-49353 · Nov 26, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash.

  • CVE-2024-49351 · Nov 26, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user.

  • CVE-2024-52899 · Nov 26, 2024
    risk 0.00 · cvss · epss 0.01

    IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server.

  • CVE-2023-26280 · Nov 25, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.

  • CVE-2023-45181 · Nov 25, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2024-35160 · Nov 23, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.

  • CVE-2024-41761 · Nov 23, 2024
    risk 0.00 · cvss · epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

Page 111 of 166