IBM

All CVEs

8,292 total · sorted by risk
  • CVE-2021-39014 · Med · Jul 7, 2023
    risk 0.42 · cvss 6.4 · epss 0.00

    IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2022-34352 · Med · Jun 27, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. IBM X-Force ID: 230403.

  • CVE-2023-23481 · Med · Jun 8, 2023
    risk 0.42 · cvss 6.4 · epss 0.00

    IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2023-25927 · Med · May 12, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.

  • CVE-2023-28520 · Med · May 12, 2023
    risk 0.42 · cvss 6.4 · epss 0.00

    IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2023-23470 · Med · May 4, 2023
    risk 0.42 · cvss 6.4 · epss 0.01

    IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to…

  • CVE-2023-27556 · Med · Apr 28, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force…

  • CVE-2023-25684 · Med · Mar 21, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM…

  • CVE-2023-27873 · Med · Mar 21, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654.

  • CVE-2022-43902 · Med · Mar 10, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832.

  • CVE-2022-35645 · Med · Mar 2, 2023
    risk 0.42 · cvss 6.4 · epss 0.00

    IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…

  • CVE-2022-40237 · Med · Feb 27, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727.

  • CVE-2022-43870 · Med · Feb 22, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.

  • CVE-2022-36775 · Med · Feb 17, 2023
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and 10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including…

  • CVE-2022-43869 · Med · Feb 12, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force…

  • CVE-2022-34335 · Med · Jan 11, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705.

  • CVE-2022-43883 · Med · Dec 19, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.

  • CVE-2022-38708 · Med · Dec 19, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system.…

  • CVE-2022-41274 · Med · Dec 13, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can lead to the exposure of data like…

  • CVE-2022-41296 · Med · Dec 12, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.

  • CVE-2022-40235 · Med · Nov 3, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725.

  • CVE-2022-40230 · Med · Nov 3, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532.

  • CVE-2022-34339 · Med · Nov 3, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963.

  • CVE-2022-22442 · Med · Nov 3, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427.

  • CVE-2022-34334 · Med · Oct 10, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704.

  • CVE-2022-41291 · Med · Oct 7, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699.

  • CVE-2022-36772 · Med · Oct 7, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user.

  • CVE-2022-41294 · Med · Oct 6, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807.

  • CVE-2012-4818 · Med · Sep 29, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM InfoSphere Information Server 8.1, 8.5, and 8.7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content…

  • CVE-2022-36771 · Med · Sep 28, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information that they should not have access to. IBM X-Force ID: 232791.

  • CVE-2022-35282 · Med · Sep 28, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.

  • CVE-2022-35637 · Med · Sep 13, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.

  • CVE-2022-22483 · Med · Sep 13, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.

  • CVE-2021-29823 · Med · Sep 1, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.

  • CVE-2021-20468 · Med · Sep 1, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.

  • CVE-2020-4301 · Med · Sep 1, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.

  • CVE-2021-39087 · Med · Aug 16, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109.

  • CVE-2022-22411 · Med · Aug 10, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016.

  • CVE-2022-35716 · Med · Aug 1, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360.

  • CVE-2022-34338 · Med · Aug 1, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962.

  • CVE-2022-33169 · Med · Aug 1, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888.

  • CVE-2022-35288 · Med · Jul 25, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.

  • CVE-2022-22359 · Med · Jul 19, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652.

  • CVE-2022-22445 · Med · Jul 18, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware.

  • CVE-2021-38868 · Med · Jul 18, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 208310.

  • CVE-2021-29799 · Med · Jul 18, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738.

  • CVE-2022-35283 · Med · Jul 14, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request.

  • CVE-2021-39019 · Med · Jul 14, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728.

  • CVE-2021-39017 · Med · Jul 14, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725.

  • CVE-2022-22463 · Med · Jul 8, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM…
