VYPR · Vendor CVEs · IBM · All CVEs

8,290 total · sorted by risk
  • CVE-2020-4638 · High · Sep 3, 2020
    risk 0.47 · CVSS 7.2 · EPSS 0.02

    IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508.

  • CVE-2020-4603 · High · Aug 27, 2020
    risk 0.47 · CVSS 7.2 · EPSS 0.01

    IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880.

  • CVE-2020-4512 · High · Jul 14, 2020
    risk 0.47 · CVSS 7.2 · EPSS 0.02

    IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands.

  • CVE-2020-4265 · High · May 14, 2020
    risk 0.47 · CVSS 7.3 · EPSS 0.00

    IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the…

  • CVE-2020-4163 · High · Feb 4, 2020
    risk 0.47 · CVSS 7.2 · EPSS 0.02

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.

  • CVE-2019-4541 · High · Feb 4, 2020
    risk 0.47 · CVSS 7.2 · EPSS 0.01

    IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814.

  • CVE-2019-4147 · High · Sep 16, 2019
    risk 0.47 · CVSS 7.2 · EPSS 0.01

    IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.

  • CVE-2018-1973 · High · Dec 20, 2018
    risk 0.47 · CVSS 7.2 · EPSS 0.02

    IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914.

  • CVE-2013-4035 · High · May 1, 2018
    risk 0.47 · CVSS 7.3 · EPSS 0.00

    IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL…

  • CVE-2016-8998 · High · Feb 24, 2017
    risk 0.47 · CVSS 7.2 · EPSS 0.02

    IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747.

  • CVE-2016-6104 · High · Feb 7, 2017
    risk 0.47 · CVSS 7.2 · EPSS 0.03

    IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.

  • CVE-2016-6115 · High · Feb 1, 2017
    risk 0.47 · CVSS 7.2 · EPSS 0.04

    IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.

  • CVE-2016-5995 · High · Oct 1, 2016
    risk 0.47 · CVSS 7.3 · EPSS 0.00

    Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.

  • CVE-2015-7472 · High · Feb 15, 2016
    risk 0.47 · CVSS 7.2 · EPSS 0.02

    IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified…

  • CVE-2026-1718 · High · May 27, 2026
    risk 0.46 · CVSS 7.1 · EPSS 0.00

    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.

  • CVE-2026-3603 · High · May 26, 2026
    risk 0.46 · CVSS 7.1 · EPSS 0.00

    IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated…

  • CVE-2023-32327 · High · Feb 3, 2024
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could…

  • CVE-2023-43064 · High · Dec 25, 2023
    risk 0.46 · CVSS 7.0 · EPSS 0.00

    Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: …

  • CVE-2023-35892 · High · Sep 5, 2023
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: …

  • CVE-2023-22877 · High · Aug 28, 2023
    risk 0.46 · CVSS 7.0 · EPSS 0.01

    IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.

  • CVE-2023-28958 · High · Jul 10, 2023
    risk 0.46 · CVSS 7.0 · EPSS 0.00

    IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782.

  • CVE-2023-30444 · High · Apr 27, 2023
    risk 0.46 · CVSS 7.1 · EPSS 0.00

    IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. …

  • CVE-2023-27876 · High · Apr 7, 2023
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249975.

  • CVE-2022-38389 · High · Feb 3, 2023
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975.

  • CVE-2022-38385 · High · Nov 15, 2022
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777.

  • CVE-2022-38387 · High · Nov 11, 2022
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786.

  • CVE-2022-34348 · High · Sep 23, 2022
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.

  • CVE-2022-22369 · High · Aug 10, 2022
    risk 0.46 · CVSS 7.1 · EPSS 0.00

    IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. IBM X-Force ID: 221187.

  • CVE-2022-22358 · High · Jul 19, 2022
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM…

  • CVE-2022-22331 · High · Apr 1, 2022
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM Sterling Partner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object reference vulnerability (IDOR). IBM X-Force ID: 219130.

  • CVE-2021-29706 · High · Jun 17, 2021
    risk 0.46 · CVSS 7.1 · EPSS 0.00

    IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663.

  • CVE-2019-4730 · High · Jun 1, 2021
    risk 0.46 · CVSS 7.1 · EPSS 0.02

    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533.

  • CVE-2020-28198 · High · May 6, 2021
    risk 0.46 · CVSS 7.0 · EPSS 0.00

    The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max…

  • CVE-2021-20502 · High · Mar 30, 2021
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.

  • CVE-2021-20482 · High · Mar 30, 2021
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197504.

  • CVE-2020-4352 · High · May 29, 2020
    risk 0.46 · CVSS 7.0 · EPSS 0.00

    IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427.

  • CVE-2020-4246 · High · May 28, 2020
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 175481.

  • CVE-2020-4411 · High · May 19, 2020
    risk 0.46 · CVSS 7.1 · EPSS 0.00

    The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this…

  • CVE-2020-4311 · High · Apr 23, 2020
    risk 0.46 · CVSS 7.0 · EPSS 0.00

    IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM…

  • CVE-2019-4707 · High · Jan 28, 2020
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.

  • CVE-2019-4652 · High · Nov 12, 2019
    risk 0.46 · CVSS 7.1 · EPSS 0.00

    IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963.

  • CVE-2019-4539 · High · Oct 2, 2019
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.

  • CVE-2019-16188 · High · Sep 25, 2019
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in…

  • CVE-2019-4456 · High · Jul 30, 2019
    risk 0.46 · CVSS 7.1 · EPSS 0.02

    IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force…

  • CVE-2019-4062 · High · Jul 30, 2019
    risk 0.46 · CVSS 7.1 · EPSS 0.02

    IBM i2 Intelligent Analysis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007.

  • CVE-2019-4140 · High · Jul 2, 2019
    risk 0.46 · CVSS 7.1 · EPSS 0.00

    IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336.

  • CVE-2019-4298 · High · Jul 1, 2019
    risk 0.46 · CVSS 7.1 · EPSS 0.00

    IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764.

  • CVE-2019-4145 · High · Jun 25, 2019
    risk 0.46 · CVSS 7.1 · EPSS 0.00

    IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive information in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.

  • CVE-2018-1845 · High · Jun 17, 2019
    risk 0.46 · CVSS 7.1 · EPSS 0.02

    IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905.

  • CVE-2019-4208 · High · May 7, 2019
    risk 0.46 · CVSS 7.1 · EPSS 0.02

    IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129.

Page 25 of 166