VYPR

Vendor CVEs

IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2016-2944 · Cri · Nov 30, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.

  • CVE-2016-0391 · Cri · Jul 2, 2016
    risk 0.64 · cvss 9.8 · epss 0.01

    The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

  • CVE-2016-0224 · Cri · Jun 28, 2016
    risk 0.64 · cvss 9.8 · epss 0.01

    SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2015-8522 · Cri · Apr 5, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8521.

  • CVE-2015-8521 · Cri · Apr 5, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522.

  • CVE-2015-8520 · Cri · Apr 5, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522.

  • CVE-2015-8519 · Cri · Apr 5, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8520, CVE-2015-8521, and CVE-2015-8522.

  • CVE-2016-0216 · Cri · Feb 29, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0213.

  • CVE-2016-0213 · Cri · Feb 29, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0216.

  • CVE-2016-0212 · Cri · Feb 29, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0213 and CVE-2016-0216.

  • CVE-2015-0192 · Cri · Jul 2, 2015
    risk 0.64 · cvss 9.8 · epss 0.05

    Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

  • CVE-2017-1274 · Hig · Apr 25, 2017
    risk 0.61 · cvss 8.8 · epss 0.07

    IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.

  • CVE-2015-0104 · Hig · Apr 24, 2017
    risk 0.61 · cvss 8.8 · epss 0.07

    IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0…

  • CVE-2013-3993 · Med · KEV · Jul 7, 2014
    risk 0.61 · cvss 6.5 · epss 0.05

    IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.

  • CVE-2026-1346 · Cri · Apr 8, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate…

  • CVE-2015-5073 · Cri · Dec 13, 2016
    risk 0.60 · cvss 9.1 · epss 0.08

    Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular…

  • CVE-2015-2023 · Hig · Jan 2, 2016
    risk 0.60 · cvss 8.8 · epss 0.02

    Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.

  • CVE-2026-9319 · Cri · Jun 1, 2026
    risk 0.59 · cvss 9.0 · epss 0.00

    IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.

  • CVE-2026-9311 · Cri · Jun 1, 2026
    risk 0.59 · cvss 9.0 · epss 0.00

    IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.

  • CVE-2026-8644 · Cri · Jun 1, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.

  • CVE-2026-7876 · Cri · May 27, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific…

  • CVE-2014-0931 · Cri · Apr 20, 2018
    risk 0.59 · cvss 9.1 · epss 0.03

    Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase…

  • CVE-2018-1383 · Cri · Feb 13, 2018
    risk 0.59 · cvss 9.1 · epss 0.03

    A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117.

  • CVE-2017-1383 · Cri · Aug 2, 2017
    risk 0.59 · cvss 9.1 · epss 0.03

    IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.

  • CVE-2016-6111 · Cri · Mar 31, 2017
    risk 0.59 · cvss 9.1 · epss 0.02

    IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all…

  • CVE-2016-9706 · Cri · Feb 15, 2017
    risk 0.59 · cvss 9.1 · epss 0.02

    IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive…

  • CVE-2016-2908 · Cri · Feb 1, 2017
    risk 0.59 · cvss 9.1 · epss 0.03

    IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause…

  • CVE-2016-3028 · Cri · Nov 25, 2016
    risk 0.59 · cvss 9.1 · epss 0.04

    IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.

  • CVE-2015-5041 · Cri · Jun 6, 2016
    risk 0.59 · cvss 9.1 · epss 0.04

    The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

  • CVE-2018-1571 · Hig · Sep 11, 2018
    risk 0.58 · cvss 8.8 · epss 0.05

    IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 143121.

  • CVE-2016-0291 · Hig · Feb 28, 2018
    risk 0.58 · cvss 8.8 · epss 0.04

    IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302.

  • CVE-1999-0038 · Hig · Apr 26, 1997
    risk 0.58 · cvss 8.4 · epss 0.01

    Buffer overflow in xlock program allows local users to execute commands as root.

  • CVE-2026-7870 · Hig · Jun 11, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.

  • CVE-2026-7770 · Hig · Jun 1, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator.

  • CVE-2026-8179 · Hig · May 27, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could…

  • CVE-2026-7524 · Cri · May 27, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.

  • CVE-2026-5065 · Hig · May 27, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

  • CVE-2026-6389 · Hig · Apr 30, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate…

  • CVE-2018-1524 · Hig · Aug 3, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.

  • CVE-2018-1595 · Hig · Aug 1, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622.

  • CVE-2018-1453 · Hig · Jun 8, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055.

  • CVE-2018-1434 · Hig · May 17, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute…

  • CVE-2013-5461 · Hig · Apr 27, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309.

  • CVE-2018-1479 · Hig · Apr 27, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761.

  • CVE-2017-1701 · Hig · Apr 23, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393.

  • CVE-2015-4952 · Hig · Mar 29, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196.

  • CVE-2015-2009 · Hig · Mar 29, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via…

  • CVE-2016-0286 · Hig · Mar 9, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote authenticated users to obtain administrator passwords by leveraging unspecified privileges. IBM X-Force ID: 111234.

  • CVE-2016-0295 · Hig · Feb 28, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363.

  • CVE-2018-1414 · Hig · Feb 22, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.

Page 2 of 166