VYPR

Vendor CVEs

IBM

All CVEs

8,271 total · sorted by risk
  • CVE-2024-22339Apr 12, 2024
    risk 0.00cvss epss 0.00

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM…

  • CVE-2024-22334Apr 12, 2024
    risk 0.00cvss epss 0.00

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a…

  • CVE-2024-22359Apr 12, 2024
    risk 0.00cvss epss 0.00

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI…

  • CVE-2023-47714Apr 12, 2024
    risk 0.00cvss epss 0.00

    IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2024-27261Apr 12, 2024
    risk 0.00cvss epss 0.00

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.

  • CVE-2023-45186Apr 12, 2024
    risk 0.00cvss epss 0.00

    IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…

  • CVE-2023-50307Apr 12, 2024
    risk 0.00cvss epss 0.00

    IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2024-22357Apr 12, 2024
    risk 0.00cvss epss 0.00

    IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2023-50949Apr 11, 2024
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706.

  • CVE-2024-31874Apr 10, 2024
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318.

  • CVE-2024-31873Apr 10, 2024
    risk 0.00cvss epss 0.01

    IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.

  • CVE-2024-31871Apr 10, 2024
    risk 0.00cvss epss 0.01

    IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.

  • CVE-2024-31872Apr 10, 2024
    risk 0.00cvss epss 0.01

    IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.

  • CVE-2024-25029Apr 6, 2024
    risk 0.00cvss epss 0.01

    IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full…

  • CVE-2024-22328Apr 6, 2024
    risk 0.00cvss epss 0.01

    IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 279950.

  • CVE-2024-28787Apr 4, 2024
    risk 0.00cvss epss 0.01

    IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.

  • CVE-2024-27268Apr 4, 2024
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.

  • CVE-2024-22360Apr 3, 2024
    risk 0.00cvss epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905.

  • CVE-2023-52296Apr 3, 2024
    risk 0.00cvss epss 0.01

    IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547.

  • CVE-2023-38729Apr 3, 2024
    risk 0.00cvss epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.

  • CVE-2024-27254Apr 3, 2024
    risk 0.00cvss epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813.

  • CVE-2024-25046Apr 3, 2024
    risk 0.00cvss epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953.

  • CVE-2024-25030Apr 3, 2024
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677.

  • CVE-2024-28782Apr 3, 2024
    risk 0.00cvss epss 0.00

    IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.

  • CVE-2023-50313Apr 2, 2024
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.

  • CVE-2023-50311Mar 31, 2024
    risk 0.00cvss epss 0.00

    IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages.

  • CVE-2023-50959Mar 31, 2024
    risk 0.00cvss epss 0.01

    IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system…

  • CVE-2024-22353Mar 31, 2024
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.

  • CVE-2024-25027Mar 31, 2024
    risk 0.00cvss epss 0.00

    IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.

  • CVE-2024-27270Mar 27, 2024
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.

  • CVE-2023-50961Mar 27, 2024
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: …

  • CVE-2024-28784Mar 27, 2024
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893.

  • CVE-2024-22356Mar 26, 2024
    risk 0.00cvss epss 0.01

    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.

  • CVE-2023-33855Mar 26, 2024
    risk 0.00cvss epss 0.00

    Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: …

  • CVE-2023-47150Mar 26, 2024
    risk 0.00cvss epss 0.01

    IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.

  • CVE-2022-32754Mar 22, 2024
    risk 0.00cvss epss 0.00

    IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2022-32751Mar 22, 2024
    risk 0.00cvss epss 0.00

    IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437.

  • CVE-2022-32756Mar 22, 2024
    risk 0.00cvss epss 0.01

    IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507.

  • CVE-2022-32753Mar 22, 2024
    risk 0.00cvss epss 0.00

    IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.

  • CVE-2024-27277Mar 21, 2024
    risk 0.00cvss epss 0.00

    The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205.

  • CVE-2023-47715Mar 21, 2024
    risk 0.00cvss epss 0.00

    IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538.

  • CVE-2023-45177Mar 20, 2024
    risk 0.00cvss epss 0.01

    IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066.

  • CVE-2023-35888Mar 20, 2024
    risk 0.00cvss epss 0.00

    IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2021-38938Mar 15, 2024
    risk 0.00cvss epss 0.00

    IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 210989.

  • CVE-2023-46181Mar 15, 2024
    risk 0.00cvss epss 0.00

    IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.

  • CVE-2023-47699Mar 15, 2024
    risk 0.00cvss epss 0.00

    IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2023-47147Mar 15, 2024
    risk 0.00cvss epss 0.00

    IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.

  • CVE-2023-46179Mar 15, 2024
    risk 0.00cvss epss 0.00

    IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent…

  • CVE-2023-47162Mar 15, 2024
    risk 0.00cvss epss 0.00

    IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2023-46182Mar 15, 2024
    risk 0.00cvss epss 0.00

    IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

Page 117 of 166