VYPR

Vendor CVEs

IBM

All CVEs

8,292 total · sorted by risk
  • CVE-2020-4980 · Med · Jul 16, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539.

  • CVE-2020-4675 · Med · Jul 16, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324.

  • CVE-2021-20537 · Med · Jul 15, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198918.

  • CVE-2021-20461 · Med · Jun 30, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.

  • CVE-2021-20573 · Med · Jun 28, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the buffer and cause the server to crash. IBM X-Force ID: 199249.

  • CVE-2021-20572 · Med · Jun 28, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the buffer and cause the server to crash. IBM X-Force ID: 199247.

  • CVE-2021-20494 · Med · Jun 28, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds. An authenticated user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882.

  • CVE-2021-29777 · Med · Jun 24, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. IBM X-Force ID: 203031.

  • CVE-2021-20579 · Med · Jun 24, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283.

  • CVE-2021-20488 · Med · Jun 16, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.

  • CVE-2021-20483 · Med · Jun 16, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591.

  • CVE-2021-20371 · Med · Jun 2, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.

  • CVE-2020-4732 · Med · Jun 2, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.

  • CVE-2019-4471 · Med · Jun 1, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM…

  • CVE-2021-20486 · Med · May 26, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668.

  • CVE-2021-29695 · Med · May 25, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Host firmware for LC-class Systems could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request that would allow them to delete arbitrary files on the system. IBM X-Force ID: 200558.

  • CVE-2021-29683 · Med · May 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998.

  • CVE-2020-4901 · Med · May 7, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992.

  • CVE-2020-4883 · Med · May 5, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about other domains which could be used in further attacks against the system. IBM X-Force ID: 190907.

  • CVE-2021-20432 · Med · Apr 26, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 196344.

  • CVE-2021-20480 · Med · Apr 8, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.

  • CVE-2020-5016 · Med · Mar 10, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot"…

  • CVE-2020-4903 · Med · Mar 8, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.

  • CVE-2020-4931 · Med · Feb 24, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.

  • CVE-2021-20445 · Med · Feb 18, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storage of authentication credentials. IBM X-Force ID: 196621.

  • CVE-2020-9307 · Med · Feb 11, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform…

  • CVE-2020-4790 · Med · Feb 9, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusable. IBM X-Force ID: 189375.

  • CVE-2021-20359 · Med · Feb 8, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.

  • CVE-2021-20358 · Med · Feb 8, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.

  • CVE-2020-4828 · Med · Feb 4, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842.

  • CVE-2020-4789 · Med · Jan 27, 2021
    risk 0.42 · cvss 6.5 · epss 0.03

    IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files…

  • CVE-2020-4968 · Med · Jan 21, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.

  • CVE-2020-4869 · Med · Jan 11, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831.

  • CVE-2020-5019 · Med · Jan 8, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which…

  • CVE-2020-4896 · Med · Jan 7, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987.

  • CVE-2020-4757 · Med · Dec 21, 2020
    risk 0.42 · cvss 6.4 · epss 0.01

    IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2020-14225 · Med · Dec 21, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing…

  • CVE-2020-4764 · Med · Dec 18, 2020
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898.

  • CVE-2020-4904 · Med · Dec 16, 2020
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2019-4738 · Med · Dec 10, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753.

  • CVE-2020-26828 · Med · Dec 9, 2020
    risk 0.42 · cvss 6.4 · epss 0.01

    SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload…

  • CVE-2020-4592 · Med · Nov 18, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration, to cause a data corruption attack due to an error when using segmented messages.

  • CVE-2020-4692 · Med · Nov 16, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780.

  • CVE-2020-4671 · Med · Nov 16, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 186284.

  • CVE-2020-4566 · Med · Nov 16, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083.

  • CVE-2020-4475 · Med · Nov 16, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks…

  • CVE-2020-4482 · Med · Nov 6, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856.

  • CVE-2020-4782 · Med · Oct 28, 2020
    risk 0.42 · cvss 6.5 · epss 0.03

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

  • CVE-2020-4781 · Med · Oct 12, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159.

  • CVE-2020-4773 · Med · Oct 12, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server…
