VYPR

Vendor CVEs

IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2015-4987 · Med · Mar 27, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896.

  • CVE-2015-7461 · Med · Mar 20, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.

  • CVE-2018-1391 · Med · Feb 22, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. IBM X-Force ID: 138376.

  • CVE-2017-1279 · Med · Jan 26, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757.

  • CVE-2016-0219 · Med · Jan 16, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM…

  • CVE-2016-0215 · Med · Jan 16, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database.

  • CVE-2017-1550 · Med · Dec 11, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling File Gateway 2.2 could allow an authenticated user to change other users' passwords. IBM X-Force ID: 131290.

  • CVE-2017-1487 · Med · Dec 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626.

  • CVE-2017-1433 · Med · Dec 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.

  • CVE-2017-1628 · Med · Nov 27, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.

  • CVE-2017-1222 · Med · Oct 26, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862.

  • CVE-2017-1212 · Med · Oct 24, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852.

  • CVE-2017-1538 · Med · Oct 10, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.

  • CVE-2017-1235 · Med · Sep 25, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914.

  • CVE-2015-0110 · Med · Sep 15, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.

  • CVE-2017-1556 · Med · Sep 13, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546.

  • CVE-2016-2965 · Med · Aug 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846.

  • CVE-2016-0356 · Med · Aug 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895.

  • CVE-2016-0355 · Med · Aug 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894.

  • CVE-2017-1110 · Med · Aug 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915.

  • CVE-2017-1190 · Med · Aug 14, 2017
    risk 0.42 · cvss 6.4 · epss 0.00

    IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system.…

  • CVE-2017-1504 · Med · Aug 3, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579.

  • CVE-2015-0194 · Med · Aug 2, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via crafted XML data.

  • CVE-2016-9717 · Med · Jul 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be…

  • CVE-2017-1374 · Med · Jul 21, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.

  • CVE-2017-1219 · Med · Jul 19, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Tivoli Endpoint Manager is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859.

  • CVE-2017-1308 · Med · Jul 13, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462.

  • CVE-2017-1285 · Med · Jul 12, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.

  • CVE-2017-1236 · Med · Jul 6, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354.

  • CVE-2017-1258 · Med · Jul 5, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685.

  • CVE-2017-1310 · Med · Jun 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569.

  • CVE-2017-1193 · Med · Jun 23, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow a user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667.

  • CVE-2017-1131 · Med · Jun 23, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375.

  • CVE-2016-9982 · Med · Jun 22, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274.

  • CVE-2017-3744 · Med · Jun 20, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear…

  • CVE-2016-3019 · Med · Jun 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.

  • CVE-2016-0254 · Med · Jun 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause…

  • CVE-2016-9750 · Med · May 15, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM QRadar 7.2 and 7.3 stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 120207.

  • CVE-2016-8925 · Med · Apr 14, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538.

  • CVE-2017-1154 · Med · Mar 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892.

  • CVE-2017-1142 · Med · Mar 27, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this…

  • CVE-2016-9729 · Med · Mar 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Reference #: 1999545.

  • CVE-2016-8971 · Med · Mar 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.

  • CVE-2016-8986 · Med · Feb 22, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.

  • CVE-2016-8915 · Med · Feb 22, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649.

  • CVE-2016-3013 · Med · Feb 22, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.

  • CVE-2016-8933 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

  • CVE-2016-6110 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Tivoli Storage Manager discloses unencrypted login credentials to VMware vCenter that could be obtained by a local user.

  • CVE-2016-8913 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

  • CVE-2016-6126 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
