Vendor CVEs

IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2017-1301 · Med · Oct 5, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various…

  • CVE-2017-1352 · Med · Sep 12, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.

  • CVE-2017-1441 · Med · Aug 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106.

  • CVE-2016-0354 · Med · Aug 29, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893.

  • CVE-2017-1207 · Med · Jul 5, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM WebSphere Message Broker stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123777.

  • CVE-2017-1349 · Med · Jun 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.

  • CVE-2017-1302 · Med · Jun 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user to view sensitive information due to improper access controls. IBM X-Force ID: 125456.

  • CVE-2016-5893 · Med · Jun 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.

  • CVE-2016-8939 · Med · Jun 7, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.

  • CVE-2016-6089 · Med · Jun 7, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.

  • CVE-2016-5960 · Med · Jun 7, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 116171.

  • CVE-2016-8916 · Med · May 5, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.

  • CVE-2016-8924 · Med · Apr 26, 2017
    risk 0.36 · cvss 5.6 · epss 0.01

    IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID:…

  • CVE-2016-9985 · Med · Mar 8, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

  • CVE-2016-8944 · Med · Feb 15, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.

  • CVE-2016-0203 · Med · Feb 8, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects to which the user belongs.

  • CVE-2015-1976 · Med · Feb 8, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.

  • CVE-2015-5013 · Med · Feb 8, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.

  • CVE-2016-3020 · Med · Feb 7, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass…

  • CVE-2016-8963 · Med · Feb 1, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.

  • CVE-2016-2941 · Med · Feb 1, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.

  • CVE-2016-8967 · Med · Feb 1, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM BigFix Inventory v9 9.2 stores user credentials in clear text which can be read by a local user.

  • CVE-2016-0371 · Med · Feb 1, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.

  • CVE-2016-8981 · Med · Feb 1, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.

  • CVE-2016-5967 · Med · Nov 25, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.

  • CVE-2016-5927 · Med · Sep 12, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading…

  • CVE-2016-0292 · Med · Aug 30, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report.

  • CVE-2016-0666 · Med · Apr 21, 2016
    risk 0.36 · cvss 5.5 · epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.

  • CVE-2016-0650 · Med · Apr 21, 2016
    risk 0.36 · cvss 5.5 · epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.

  • CVE-2016-0649 · Med · Apr 21, 2016
    risk 0.36 · cvss 5.5 · epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.

  • CVE-2016-0648 · Med · Apr 21, 2016
    risk 0.36 · cvss 5.5 · epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.

  • CVE-2016-0647 · Med · Apr 21, 2016
    risk 0.36 · cvss 5.5 · epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.

  • CVE-2016-0646 · Med · Apr 21, 2016
    risk 0.36 · cvss 5.5 · epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.

  • CVE-2016-0644 · Med · Apr 21, 2016
    risk 0.36 · cvss 5.5 · epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.

  • CVE-2015-1985 · Med · Jan 3, 2016
    risk 0.36 · cvss 5.6 · epss 0.00

    The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file.

  • CVE-2015-7437 · Med · Jan 2, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors.

  • CVE-2014-4806 · Med · Aug 29, 2014
    risk 0.36 · cvss 5.5 · epss 0.00

    The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain…

  • CVE-1999-0011 · Med · Apr 8, 1998
    risk 0.36 · cvss 5.4 · epss 0.05

    Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

  • CVE-2026-3341 · Med · Jun 11, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

  • CVE-2025-3633 · Med · May 27, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter…

  • CVE-2025-36148 · Med · May 26, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI…

  • CVE-2025-36145 · Med · May 26, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.

  • CVE-2025-14290 · Med · May 26, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the…

  • CVE-2026-1243 · Med · Apr 2, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…

  • CVE-2025-66485 · Med · Apr 1, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or…

  • CVE-2026-4364 · Med · Apr 1, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows certificate listings retrieved via a browser…

  • CVE-2018-1743 · Med · Oct 8, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 148422.

  • CVE-2018-1812 · Med · Oct 5, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in…

  • CVE-2018-1686 · Med · Oct 5, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…

  • CVE-2018-1604 · Med · Oct 4, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…
