VYPR

Vendor CVEs

IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2017-1519 · Med · Sep 12, 2017
    risk 0.38 · cvss 5.9 · epss 0.02

    IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829.

  • CVE-2016-6029 · Med · Aug 14, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information…

  • CVE-2017-1386 · Med · Jul 31, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.

  • CVE-2016-9972 · Med · Jun 27, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM…

  • CVE-2017-1179 · Med · Jun 8, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.

  • CVE-2016-8962 · Med · Apr 26, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.

  • CVE-2016-3052 · Med · Feb 22, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.

  • CVE-2016-5900 · Med · Feb 8, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive information using man…

  • CVE-2016-6116 · Med · Feb 2, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the…

  • CVE-2016-5935 · Med · Feb 2, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

  • CVE-2016-8966 · Med · Feb 1, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

  • CVE-2016-8918 · Med · Feb 1, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.

  • CVE-2016-5966 · Med · Feb 1, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using…

  • CVE-2016-3043 · Med · Feb 1, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2016-2927 · Med · Nov 25, 2016
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.

  • CVE-2016-6025 · Med · Oct 6, 2016
    risk 0.38 · cvss 5.9 · epss 0.00

    The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.

  • CVE-2016-0397 · Med · Aug 30, 2016
    risk 0.38 · cvss 5.9 · epss 0.01

    WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.

  • CVE-2016-0365 · Med · Jul 1, 2016
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors.

  • CVE-2016-0306 · Med · May 17, 2016
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-7488 · Med · Jan 27, 2016
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.

  • CVE-2017-1721 · Med · Apr 26, 2018
    risk 0.37 · cvss 5.6 · epss 0.01

    IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.

  • CVE-2016-9719 · Med · Jul 31, 2017
    risk 0.37 · cvss 5.7 · epss 0.01

    IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the…

  • CVE-2017-1214 · Med · Jun 12, 2017
    risk 0.37 · cvss 5.7 · epss 0.01

    IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854.

  • CVE-2016-3037 · Med · Apr 17, 2017
    risk 0.37 · cvss 5.7 · epss 0.01

    IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613.

  • CVE-2016-5941 · Med · Feb 1, 2017
    risk 0.37 · cvss 5.7 · epss 0.02

    IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

  • CVE-2016-3060 · Med · Oct 29, 2016
    risk 0.37 · cvss 5.7 · epss 0.01

    Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.

  • CVE-2016-5947 · Med · Sep 26, 2016
    risk 0.37 · cvss 5.7 · epss 0.01

    IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.

  • CVE-2016-0339 · Med · Jul 15, 2016
    risk 0.37 · cvss 5.6 · epss 0.01

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."

  • CVE-2016-0264 · Med · May 24, 2016
    risk 0.37 · cvss 5.6 · epss 0.04

    Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute…

  • CVE-2026-6053 · Med · May 27, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.

  • CVE-2026-6051 · Med · May 27, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.

  • CVE-2026-5515 · Med · May 27, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.

  • CVE-2025-13755 · Med · May 26, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.

  • CVE-2026-4918 · Med · Apr 23, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…

  • CVE-2025-36074 · Med · Apr 23, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing…

  • CVE-2025-66484 · Med · Apr 1, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2018-1783 · Med · Oct 5, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.

  • CVE-2018-1768 · Med · Sep 26, 2018
    risk 0.36 · cvss 5.6 · epss 0.00

    IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation: the user ID and password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622.

  • CVE-2018-1685 · Med · Sep 21, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502.

  • CVE-2017-1679 · Med · Sep 10, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.

  • CVE-2018-1452 · Med · May 25, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047.

  • CVE-2018-1451 · Med · May 25, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046.

  • CVE-2018-1450 · Med · May 25, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045.

  • CVE-2018-1449 · Med · May 25, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044.

  • CVE-2013-4040 · Med · May 1, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force…

  • CVE-2016-0237 · Med · Mar 12, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Guardium Database Activity Monitor 10 allows local users to obtain sensitive information by reading cached browser data. IBM X-Force ID: 110328.

  • CVE-2017-1784 · Med · Jan 29, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.

  • CVE-2017-1693 · Med · Jan 19, 2018
    risk 0.36 · cvss 5.6 · epss 0.01

    IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session ID to hijack another user's session during a small timeframe before the session times out. IBM X-Force ID: 134164.

  • CVE-2017-1596 · Med · Dec 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550.

  • CVE-2017-1595 · Med · Dec 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.
