IBM

All CVEs

8,291 total · sorted by risk
  • CVE-2019-4043 · High · Apr 2, 2019
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Sterling B2B Integrator Standard Edition 5.2.0 and 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:…

  • CVE-2018-1727 · High · Feb 15, 2019
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:…

  • CVE-2018-1970 · High · Feb 4, 2019
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Security Identity Manager 7.0.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.

  • CVE-2018-2019 · High · Jan 18, 2019
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265.

  • CVE-2018-1784 · High · Dec 20, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.

  • CVE-2018-1920 · High · Dec 7, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855.

  • CVE-2018-1424 · High · Dec 7, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029.

  • CVE-2018-1730 · High · Dec 5, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM QRadar SIEM 7.2 and 7.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147709.

  • CVE-2018-1905 · High · Nov 26, 2018
    risk 0.46 · cvss 7.1 · epss 0.03

    IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534.

  • CVE-2018-1846 · High · Nov 2, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory…

  • CVE-2018-1835 · High · Nov 2, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514.

  • CVE-2018-1747 · High · Oct 15, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:…

  • CVE-2018-1844 · High · Oct 12, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904.

  • CVE-2018-1738 · High · Oct 11, 2018
    risk 0.46 · cvss 7.1 · epss 0.01

    IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907.

  • CVE-2018-1702 · High · Sep 28, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume…

  • CVE-2018-1669 · High · Sep 25, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing…

  • CVE-2018-1607 · High · Sep 25, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory…

  • CVE-2018-1588 · High · Sep 25, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or…

  • CVE-2013-0522 · High · Jul 16, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and…

  • CVE-2018-1542 · High · Jul 6, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this…

  • CVE-2018-1456 · High · Jun 6, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 140091.

  • CVE-2017-1764 · High · Apr 23, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.

  • CVE-2014-0950 · High · Apr 20, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through…

  • CVE-2018-1421 · High · Apr 4, 2018
    risk 0.46 · cvss 7.1 · epss 0.01

    IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM…

  • CVE-2017-1758 · High · Feb 21, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to an XML External Entity Injection (XXE) attack when…

  • CVE-2017-1760 · High · Dec 11, 2017
    risk 0.46 · cvss 7.1 · epss 0.00

    IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.

  • CVE-2015-0162 · High · Sep 20, 2017
    risk 0.46 · cvss 7.0 · epss 0.00

    IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.

  • CVE-2017-1382 · High · Jul 24, 2017
    risk 0.46 · cvss 7.1 · epss 0.00

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force…

  • CVE-2017-1181 · High · Jul 17, 2017
    risk 0.46 · cvss 7.0 · epss 0.00

    IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487.

  • CVE-2017-1254 · High · Jul 5, 2017
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Security Guardium 10.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634.

  • CVE-2017-1105 · High · Jun 27, 2017
    risk 0.46 · cvss 7.1 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.

  • CVE-2015-0107 · Medium · Apr 24, 2017
    risk 0.46 · cvss 6.5 · epss 0.06

    IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0…

  • CVE-2016-9994 · High · Mar 1, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805.

  • CVE-2016-9993 · High · Mar 1, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.

  • CVE-2016-9992 · High · Mar 1, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.

  • CVE-2016-6043 · High · Feb 1, 2017
    risk 0.46 · cvss 7.0 · epss 0.00

    Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.

  • CVE-2016-2985 · High · Nov 25, 2016
    risk 0.46 · cvss 7.0 · epss 0.00

    IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.

  • CVE-2016-2984 · High · Nov 25, 2016
    risk 0.46 · cvss 7.0 · epss 0.00

    IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.

  • CVE-2016-5971 · High · Sep 26, 2016
    risk 0.46 · cvss 7.1 · epss 0.01

    IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with…

  • CVE-2016-2867 · High · Jul 2, 2016
    risk 0.46 · cvss 7.0 · epss 0.00

    IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.

  • CVE-2016-0263 · High · Jun 29, 2016
    risk 0.46 · cvss 7.0 · epss 0.00

    IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command.

  • CVE-2015-7442 · High · Jan 2, 2016
    risk 0.46 · cvss 7.0 · epss 0.00

    consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.

  • CVE-2020-4430 · Medium · KEV · May 7, 2020
    risk 0.45 · cvss 4.3 · epss 0.69

    IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.

  • CVE-2018-1612 · Medium · Jul 17, 2018
    risk 0.45 · cvss 5.8 · epss 0.57

    IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164.

  • CVE-2023-38738 · Medium · Jan 19, 2024
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in an OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted…

  • CVE-2023-46176 · Medium · Nov 3, 2023
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.

  • CVE-2022-22466 · Medium · Oct 23, 2023
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.

  • CVE-2022-33165 · Medium · Oct 14, 2023
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582.

  • CVE-2023-35012 · Medium · Jul 17, 2023
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on…

  • CVE-2023-30993 · Medium · Jun 27, 2023
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136.
