VYPR

Vendor CVEs

IBM

All CVEs

8,272 total · sorted by risk
  • CVE-2024-31879May 18, 2024
    risk 0.00cvss epss 0.01

    IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.

  • CVE-2023-47717May 16, 2024
    risk 0.00cvss epss 0.00

    IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690.

  • CVE-2024-27260May 16, 2024
    risk 0.00cvss epss 0.00

    IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.

  • CVE-2023-47711May 11, 2024
    risk 0.00cvss epss 0.01

    IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: 271526.

  • CVE-2023-47712May 11, 2024
    risk 0.00cvss epss 0.00

    IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527.

  • CVE-2023-47709May 11, 2024
    risk 0.00cvss epss 0.01

    IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524.

  • CVE-2024-28760May 11, 2024
    risk 0.00cvss epss 0.00

    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.

  • CVE-2024-28761May 11, 2024
    risk 0.00cvss epss 0.00

    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting…

  • CVE-2024-22345May 10, 2024
    risk 0.00cvss epss 0.01

    IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192.

  • CVE-2024-22344May 10, 2024
    risk 0.00cvss epss 0.00

    IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 280191.

  • CVE-2024-22343May 10, 2024
    risk 0.00cvss epss 0.00

    IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190.

  • CVE-2023-38264May 10, 2024
    risk 0.00cvss epss 0.01

    The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM…

  • CVE-2024-27269May 10, 2024
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575.

  • CVE-2024-28781May 10, 2024
    risk 0.00cvss epss 0.00

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the…

  • CVE-2023-40694May 7, 2024
    risk 0.00cvss epss 0.00

    IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838.

  • CVE-2024-27273May 7, 2024
    risk 0.00cvss epss 0.00

    IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903.

  • CVE-2023-27283May 4, 2024
    risk 0.00cvss epss 0.00

    IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545.

  • CVE-2023-40695May 3, 2024
    risk 0.00cvss epss 0.00

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.

  • CVE-2021-20451May 3, 2024
    risk 0.00cvss epss 0.01

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643.

  • CVE-2022-22364May 3, 2024
    risk 0.00cvss epss 0.01

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP…

  • CVE-2023-28952May 3, 2024
    risk 0.00cvss epss 0.00

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463.

  • CVE-2023-38724May 3, 2024
    risk 0.00cvss epss 0.00

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183.

  • CVE-2023-40696May 3, 2024
    risk 0.00cvss epss 0.00

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939.

  • CVE-2021-20556May 3, 2024
    risk 0.00cvss epss 0.00

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.

  • CVE-2023-23474May 3, 2024
    risk 0.00cvss epss 0.00

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.

  • CVE-2021-20450May 3, 2024
    risk 0.00cvss epss 0.00

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will…

  • CVE-2020-4874May 3, 2024
    risk 0.00cvss epss 0.00

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837.

  • CVE-2023-37407May 3, 2024
    risk 0.00cvss epss 0.01

    IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 260116.

  • CVE-2024-25047May 2, 2024
    risk 0.00cvss epss 0.01

    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.

  • CVE-2023-47727May 2, 2024
    risk 0.00cvss epss 0.00

    IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.

  • CVE-2024-28764May 1, 2024
    risk 0.00cvss epss 0.00

    IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623.

  • CVE-2024-25015May 1, 2024
    risk 0.00cvss epss 0.01

    IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.

  • CVE-2024-28775May 1, 2024
    risk 0.00cvss epss 0.00

    IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2022-38386May 1, 2024
    risk 0.00cvss epss 0.00

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. …

  • CVE-2023-38002Apr 30, 2024
    risk 0.00cvss epss 0.00

    IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.

  • CVE-2024-25050Apr 28, 2024
    risk 0.00cvss epss 0.00

    IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with…

  • CVE-2024-25048Apr 27, 2024
    risk 0.00cvss epss 0.01

    IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137.

  • CVE-2024-25026Apr 25, 2024
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to…

  • CVE-2023-47731Apr 23, 2024
    risk 0.00cvss epss 0.00

    IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…

  • CVE-2022-40745Apr 19, 2024
    risk 0.00cvss epss 0.00

    IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452.

  • CVE-2023-37397Apr 19, 2024
    risk 0.00cvss epss 0.00

    IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.

  • CVE-2023-27279Apr 19, 2024
    risk 0.00cvss epss 0.01

    IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.

  • CVE-2023-37396Apr 19, 2024
    risk 0.00cvss epss 0.00

    IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.

  • CVE-2023-22869Apr 19, 2024
    risk 0.00cvss epss 0.00

    IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119.

  • CVE-2023-37400Apr 19, 2024
    risk 0.00cvss epss 0.00

    IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677.

  • CVE-2024-30107Apr 18, 2024
    risk 0.00cvss epss 0.00

    HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.

  • CVE-2024-23557Apr 18, 2024
    risk 0.00cvss epss 0.00

    HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack.

  • CVE-2024-22329Apr 17, 2024
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack.…

  • CVE-2024-22354Apr 17, 2024
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive…

  • CVE-2024-31887Apr 16, 2024
    risk 0.00cvss epss 0.01

    IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651.

Page 116 of 166