IBM

All CVEs

8,290 total · sorted by risk
  • CVE-2018-1426 · High · Mar 22, 2018
    risk 0.48 · cvss 7.4 · epss 0.03

    IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.

  • CVE-2017-1677 · High · Mar 22, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.

  • CVE-2017-1541 · High · Oct 4, 2017
    risk 0.48 · cvss 7.3 · epss 0.02

    A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809.

  • CVE-2017-1130 · Medium · Sep 5, 2017
    risk 0.48 · cvss 6.5 · epss 0.29

    IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client to hang and have to be restarted. IBM X-Force ID: 121371.

  • CVE-2017-1129 · Medium · Sep 5, 2017
    risk 0.48 · cvss 6.5 · epss 0.30

    IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.

  • CVE-2017-1122 · High · Apr 20, 2017
    risk 0.48 · cvss 7.4 · epss 0.00

    IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174.

  • CVE-2017-1161 · High · Apr 17, 2017
    risk 0.48 · cvss 7.3 · epss 0.01

    IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the…

  • CVE-2016-5934 · High · Feb 8, 2017
    risk 0.48 · cvss 7.3 · epss 0.01

    IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the…

  • CVE-2016-6042 · High · Feb 1, 2017
    risk 0.48 · cvss 7.3 · epss 0.03

    IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary…

  • CVE-2016-2936 · High · Nov 30, 2016
    risk 0.48 · cvss 7.3 · epss 0.01

    IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors.

  • CVE-2016-0340 · High · Jul 15, 2016
    risk 0.48 · cvss 7.4 · epss 0.01

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation.

  • CVE-2016-0330 · High · Jul 15, 2016
    risk 0.48 · cvss 7.3 · epss 0.01

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by leveraging an attack against the password algorithm.

  • CVE-2015-7428 · High · Feb 29, 2016
    risk 0.48 · cvss 7.4 · epss 0.01

    Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

  • CVE-2015-4956 · High · Feb 15, 2016
    risk 0.48 · cvss 7.4 · epss 0.01

    The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors.

  • CVE-2015-7397 · High · Jan 10, 2016
    risk 0.48 · cvss 7.4 · epss 0.02

    Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter.

  • CVE-2015-7410 · High · Jan 1, 2016
    risk 0.48 · cvss 7.4 · epss 0.01

    The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2015-1947 · High · Dec 31, 2015
    risk 0.48 · cvss 7.4 · epss 0.00

    Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program.

  • CVE-2015-1836 · High · Dec 21, 2015
    risk 0.48 · cvss 7.3 · epss 0.07

    Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service…

  • CVE-2015-1772 · High · Dec 21, 2015
    risk 0.48 · cvss 7.3 · epss 0.07

    The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to…

  • CVE-2024-56462 · High · May 27, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system.

  • CVE-2026-4051 · High · May 26, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to an exposed method that is not properly restricted.

  • CVE-2026-8835 · High · May 26, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service.

  • CVE-2026-5935 · High · Apr 23, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.

  • CVE-2026-1343 · High · Apr 8, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication…

  • CVE-2026-1345 · High · Apr 1, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute…

  • CVE-2021-38927 · High · Dec 25, 2023
    risk 0.47 · cvss 7.2 · epss 0.00

    IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: …

  • CVE-2023-38003 · High · Dec 4, 2023
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.

  • CVE-2023-33839 · High · Oct 23, 2023
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.

  • CVE-2022-22375 · High · Oct 17, 2023
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681.

  • CVE-2022-43907 · High · Aug 27, 2023
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901.

  • CVE-2023-35019 · High · Jul 31, 2023
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.

  • CVE-2022-33166 · High · Jun 15, 2023
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586.

  • CVE-2022-32752 · High · Jun 15, 2023
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439.

  • CVE-2023-29257 · High · Apr 26, 2023
    risk 0.47 · cvss 7.2 · epss 0.02

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011.

  • CVE-2022-36769 · High · Apr 26, 2023
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.

  • CVE-2022-40746 · High · Nov 21, 2022
    risk 0.47 · cvss 7.2 · epss 0.00

    IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker…

  • CVE-2022-30616 · High · Aug 1, 2022
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978.

  • CVE-2021-29854 · High · May 3, 2022
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which…

  • CVE-2022-22339 · High · Apr 8, 2022
    risk 0.47 · cvss 7.3 · epss 0.01

    IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736.

  • CVE-2022-22410 · High · Apr 6, 2022
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. IBM X-Force ID: 222763.

  • CVE-2021-3723 · High · Nov 12, 2021
    risk 0.47 · cvss 7.2 · epss 0.02

    A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session.

  • CVE-2021-29696 · High · Aug 2, 2021
    risk 0.47 · cvss 7.2 · epss 0.03

    IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

  • CVE-2021-20533 · High · Jul 15, 2021
    risk 0.47 · cvss 7.2 · epss 0.02

    IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813.

  • CVE-2021-29792 · High · Jul 12, 2021
    risk 0.47 · cvss 7.2 · epss 0.00

    IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. IBM X-Force ID: 203450.

  • CVE-2021-20557 · High · May 24, 2021
    risk 0.47 · cvss 7.2 · epss 0.03

    IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184.

  • CVE-2021-20385 · High · May 24, 2021
    risk 0.47 · cvss 7.2 · epss 0.02

    IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 195766.

  • CVE-2021-20527 · High · Apr 19, 2021
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.

  • CVE-2020-4912 · High · Jan 4, 2021
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.

  • CVE-2020-4685 · High · Nov 11, 2020
    risk 0.47 · cvss 7.2 · epss 0.01

    A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of…

  • CVE-2020-4636 · High · Oct 16, 2020
    risk 0.47 · cvss 7.2 · epss 0.01

    IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503.
