IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2016-6085 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers.

  • CVE-2016-6084 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request.

  • CVE-2016-5994 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents.

  • CVE-2016-5988 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.

  • CVE-2016-5950 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Kenexa LCMS Premier on Cloud stores user credentials in clear text which can be read by an authenticated user.

  • CVE-2016-3027 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory…

  • CVE-2016-3022 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.

  • CVE-2016-3044 · Med · Dec 1, 2016
    risk 0.42 · cvss 6.5 · epss 0.00

    The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors.

  • CVE-2016-2881 · Med · Nov 30, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters.

  • CVE-2016-2950 · Med · Nov 30, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-2937 · Med · Nov 30, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerability."

  • CVE-2016-0317 · Med · Nov 25, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

  • CVE-2016-2996 · Med · Nov 24, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors.

  • CVE-2016-6038 · Med · Sep 26, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.

  • CVE-2016-5997 · Med · Sep 26, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality…

  • CVE-2016-5970 · Med · Sep 26, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

  • CVE-2016-5946 · Med · Sep 26, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

  • CVE-2016-2999 · Med · Sep 26, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack.

  • CVE-2016-5954 · Med · Sep 12, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.

  • CVE-2016-2989 · Med · Aug 8, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2016-0361 · Med · Aug 8, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated…

  • CVE-2016-2865 · Med · Jul 15, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive…

  • CVE-2016-0314 · Med · Jul 8, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors.

  • CVE-2016-3956 · Hig · Jul 2, 2016
    risk 0.42 · cvss 7.5 · epss 0.07

    The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading…

  • CVE-2016-2968 · Med · Jul 2, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors.

  • CVE-2016-0349 · Med · Jun 30, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.

  • CVE-2016-0298 · Med · Jun 29, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL.

  • CVE-2016-0288 · Med · Jun 1, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML…

  • CVE-2016-0323 · Med · May 17, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors.

  • CVE-2015-8530 · Med · May 14, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before 23.0.0.3-IF0001, and 24 before 24.0.0.0-IF0003 allows remote authenticated users…

  • CVE-2015-7456 · Med · Jan 1, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.

  • CVE-2025-66483 · Med · Apr 1, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.

  • CVE-2018-1819 · Med · Oct 4, 2018
    risk 0.41 · cvss 6.3 · epss 0.02

    IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in…

  • CVE-2018-1674 · Med · Sep 20, 2018
    risk 0.41 · cvss 6.3 · epss 0.02

    IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM…

  • CVE-2018-1699 · Med · Aug 24, 2018
    risk 0.41 · cvss 6.3 · epss 0.02

    IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.

  • CVE-2017-1738 · Med · Jul 10, 2018
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 contains an undisclosed vulnerability that would allow an authenticated user to obtain elevated privileges. IBM X-Force ID: 134919.

  • CVE-2017-1722 · Med · Apr 26, 2018
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811.

  • CVE-2016-0276 · Med · Mar 9, 2018
    risk 0.41 · cvss 6.3 · epss 0.02

    IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate…

  • CVE-2016-2980 · Med · Aug 29, 2017
    risk 0.41 · cvss 6.3 · epss 0.01

    The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993.

  • CVE-2016-5990 · Med · Feb 1, 2017
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server.

  • CVE-2016-5939 · Med · Feb 1, 2017
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

  • CVE-2016-0325 · Med · Nov 24, 2016
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5;…

  • CVE-2026-8852 · Med · May 26, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service via the optional mod_fastcgi module.

  • CVE-2025-36335 · Med · Apr 30, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.

  • CVE-2025-13044 · Med · Apr 7, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2025-13702 · Med · Mar 13, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…

  • CVE-2025-36173 · Med · Mar 10, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    Affected Product(s): InfoSphere Data Architect. Version(s): 9.2.1.

  • CVE-2025-33135 · Med · Feb 17, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms) is vulnerable to cross-site scripting. This vulnerability allows an…

  • CVE-2018-1795 · Med · Oct 5, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2018-1723 · Med · Oct 5, 2018
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.
