VYPR

Vendor CVEs

IBM

All CVEs

8,292 total · sorted by risk
  • CVE-2022-22496 · Med · Jun 30, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.

  • CVE-2022-22389 · Med · Jun 24, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.

  • CVE-2021-29768 · Med · Jun 24, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.

  • CVE-2022-30607 · Med · Jun 17, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294.

  • CVE-2022-22361 · Med · May 31, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0…

  • CVE-2022-22482 · Med · May 17, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977.

  • CVE-2022-22475 · Med · May 17, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.

  • CVE-2022-22393 · Med · May 13, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5, with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078.

  • CVE-2022-22415 · Med · May 5, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center. IBM X-Force ID: 223029.

  • CVE-2022-22441 · Med · Apr 28, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426.

  • CVE-2022-22323 · Med · Apr 27, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to…

  • CVE-2022-22312 · Med · Apr 27, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to…

  • CVE-2021-38904 · Med · Apr 22, 2022
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.

  • CVE-2021-20464 · Med · Apr 22, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.

  • CVE-2021-39033 · Med · Apr 19, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks…

  • CVE-2022-22356 · Med · Apr 5, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487.

  • CVE-2022-22404 · Med · Apr 1, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.

  • CVE-2022-22311 · Med · Mar 31, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens.

  • CVE-2022-22316 · Med · Mar 23, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276.

  • CVE-2021-29899 · Med · Mar 18, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.

  • CVE-2022-22353 · Med · Mar 14, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.

  • CVE-2021-39051 · Med · Mar 14, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the…

  • CVE-2022-22333 · Med · Feb 23, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local…

  • CVE-2019-4291 · Med · Feb 16, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. IBM X-Force ID: 160697.

  • CVE-2021-39080 · Med · Feb 14, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14, an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM…

  • CVE-2022-22310 · Med · Jan 19, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224.

  • CVE-2021-39056 · Med · Jan 13, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537.

  • CVE-2021-39013 · Med · Dec 22, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.

  • CVE-2021-38900 · Med · Dec 21, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607.

  • CVE-2021-38937 · Med · Dec 10, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894.

  • CVE-2021-38931 · Med · Dec 9, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.

  • CVE-2021-29716 · Med · Dec 3, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.

  • CVE-2021-38875 · Med · Nov 23, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.

  • CVE-2021-38975 · Med · Nov 15, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780.

  • CVE-2021-38974 · Med · Nov 15, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779.

  • CVE-2021-38887 · Med · Nov 10, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401.

  • CVE-2021-29843 · Med · Nov 8, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2 CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.

  • CVE-2021-29786 · Med · Oct 27, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Jazz Team Server products store user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.

  • CVE-2021-38915 · Med · Oct 12, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.

  • CVE-2020-4654 · Med · Oct 8, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.

  • CVE-2021-20473 · Med · Oct 7, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.

  • CVE-2021-20375 · Med · Oct 7, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567.

  • CVE-2021-29816 · Med · Sep 23, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204341.

  • CVE-2021-29856 · Med · Sep 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated user to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685.

  • CVE-2021-20433 · Med · Sep 15, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Guardium 11.3 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345.

  • CVE-2020-4992 · Med · Aug 17, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737.

  • CVE-2021-29880 · Med · Aug 13, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. IBM X-Force ID: 206979.

  • CVE-2021-29714 · Med · Aug 9, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968.

  • CVE-2021-29770 · Med · Jul 26, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771.

  • CVE-2021-20431 · Med · Jul 26, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342.

Page 30 of 166