VYPR vendor CVEs: IBM, all CVEs

8,291 total · sorted by risk
  • CVE-2023-30440 · Med · May 23, 2023
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control of a partition that has been assigned SRIOV virtual function (VF) to…

  • CVE-2022-43863 · Med · Mar 22, 2023
    risk 0.44 · cvss 6.7 · epss 0.01

    IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.

  • CVE-2022-42439 · Med · Feb 6, 2023
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.

  • CVE-2022-40607 · Med · Dec 19, 2022
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.

  • CVE-2020-4497 · Med · Dec 14, 2022
    risk 0.44 · cvss 6.8 · epss 0.00

    IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using man in the middle techniques. IBM…

  • CVE-2022-33955 · Med · Aug 1, 2022
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM CICS TX 11.1 could allow an attacker with physical access to the system to execute code using a back and refresh attack. IBM X-Force ID: 229312.

  • CVE-2022-22309 · Med · May 24, 2022
    risk 0.44 · cvss 6.8 · epss 0.00

    The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095.

  • CVE-2021-29859 · Med · May 2, 2022
    risk 0.44 · cvss 6.8 · epss 0.00

    IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain…

  • CVE-2021-38967 · Med · Nov 30, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.

  • CVE-2021-29699 · Med · Jul 15, 2021
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary files with a dangerous file type that could be executed by a user. IBM X-Force ID: 200600.

  • CVE-2021-29708 · Med · May 25, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM Spectrum Scale 5.1.0.1 could allow a local user with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force ID: 200883.

  • CVE-2021-20515 · Med · Apr 30, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.

  • CVE-2020-5014 · Med · Mar 8, 2021
    risk 0.44 · cvss 6.7 · epss 0.01

    IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side request forgery attack. IBM X-Force ID: 193247.

  • CVE-2020-4928 · Med · Jan 4, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extension, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.

  • CVE-2020-4689 · Med · Oct 12, 2020
    risk 0.44 · cvss 6.8 · epss 0.02

    IBM Security Guardium 11.2 is vulnerable to CSV Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 186696.

  • CVE-2020-4190 · Med · Jun 3, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851.

  • CVE-2020-4230 · Med · Feb 19, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.

  • CVE-2018-1636 · Med · Aug 20, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.

  • CVE-2018-1635 · Med · Aug 20, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.

  • CVE-2018-1634 · Med · Aug 20, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.

  • CVE-2018-1633 · Med · Aug 20, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.

  • CVE-2018-1632 · Med · Aug 20, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.

  • CVE-2018-1631 · Med · Aug 20, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431.

  • CVE-2018-1630 · Med · Aug 20, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430.

  • CVE-2019-4383 · Med · Jul 1, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165.

  • CVE-2019-4357 · Med · Jul 1, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667.

  • CVE-2019-4057 · Med · Jul 1, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.

  • CVE-2019-4153 · Med · Jun 25, 2019
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed…

  • CVE-2018-1903 · Med · Apr 10, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.

  • CVE-2018-1939 · Med · Mar 5, 2019
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a…

  • CVE-2018-1675 · Med · Feb 4, 2019
    risk 0.44 · cvss 6.8 · epss 0.02

    IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110.

  • CVE-2018-1654 · Med · Dec 11, 2018
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to…

  • CVE-2018-1928 · Med · Nov 30, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM…

  • CVE-2018-1704 · Med · Sep 28, 2018
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this…

  • CVE-2017-1748 · Med · Jun 4, 2018
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a…

  • CVE-2017-1233 · Med · Jan 31, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912.

  • CVE-2017-1545 · Med · Jan 26, 2018
    risk 0.44 · cvss 6.8 · epss 0.00

    IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914.

  • CVE-2017-1508 · Med · Sep 13, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620.

  • CVE-2017-1439 · Med · Sep 12, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058.

  • CVE-2017-1438 · Med · Sep 12, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057.

  • CVE-2016-2981 · Med · Mar 20, 2017
    risk 0.44 · cvss 6.8 · epss 0.00

    An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.

  • CVE-2016-6034 · Med · Feb 1, 2017
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges.

  • CVE-2016-3047 · Med · Dec 1, 2016
    risk 0.44 · cvss 6.8 · epss 0.01

    Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2016-2933 · Med · Nov 30, 2016
    risk 0.44 · cvss 6.8 · epss 0.03

    Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.

  • CVE-2016-0204 · Med · Oct 16, 2016
    risk 0.44 · cvss 6.8 · epss 0.01

    Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2016-5977 · Med · Sep 26, 2016
    risk 0.44 · cvss 6.8 · epss 0.01

    Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3…

  • CVE-2016-5972 · Med · Sep 26, 2016
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2016-3040 · Med · Sep 26, 2016
    risk 0.44 · cvss 6.8 · epss 0.01

    IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2016-5878 · Med · Aug 8, 2016
    risk 0.44 · cvss 6.8 · epss 0.01

    Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2016-0230 · Med · Jul 7, 2016
    risk 0.44 · cvss 6.8 · epss 0.00

    IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors.
