IBM

All CVEs

8,292 total · sorted by risk
  • CVE-2020-4619 · Med · Sep 22, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in clear text, which can be read by an authenticated user. IBM X-Force ID: 184976.

  • CVE-2020-4612 · Med · Sep 22, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924.

  • CVE-2020-4590 · Med · Sep 21, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.

  • CVE-2020-4711 · Med · Sep 15, 2020
    risk 0.42 · cvss 6.5 · epss 0.03

    IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501.

  • CVE-2020-4632 · Med · Sep 4, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416.

  • CVE-2020-4337 · Med · Sep 3, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933.

  • CVE-2020-4167 · Med · Aug 27, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authentication mechanisms. IBM X-Force ID: 174403.

  • CVE-2019-4697 · Med · Aug 26, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text, which can be read by an authenticated user. IBM X-Force ID: 171938.

  • CVE-2020-4383 · Med · Aug 24, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. IBM X-Force ID: 179165.

  • CVE-2020-4648 · Med · Aug 19, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability exists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019.

  • CVE-2020-4381 · Med · Aug 19, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 could allow an authenticated user to cause a denial of service during deployment or upgrade if GUI specific services are enabled. IBM X-Force ID: 179162.

  • CVE-2020-4485 · Med · Aug 11, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service which could aid an attacker in bypassing security mechanisms in future attacks. IBM X-Force ID: 181860.

  • CVE-2020-4569 · Med · Jul 29, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 184158.

  • CVE-2020-4465 · Med · Jul 28, 2020
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM…

  • CVE-2020-4399 · Med · Jul 22, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476.

  • CVE-2020-4466 · Med · Jul 20, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker to cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563.

  • CVE-2020-4511 · Med · Jul 14, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. IBM X-Force ID: 182366.

  • CVE-2020-4376 · Med · Jul 1, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081.

  • CVE-2020-4320 · Med · Jun 16, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.

  • CVE-2020-4477 · Med · Jun 15, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779.

  • CVE-2020-4471 · Med · Jun 15, 2020
    risk 0.42 · cvss 6.5 · epss 0.03

    IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by sending a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726.

  • CVE-2020-4307 · Med · Jun 3, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. IBM X-Force ID: 176997.

  • CVE-2020-4249 · Med · May 28, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the system due to incorrect authorization. IBM X-Force ID: 175485.

  • CVE-2020-4231 · Med · May 28, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. IBM X-Force ID: 175335.

  • CVE-2020-4348 · Med · May 27, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414.

  • CVE-2020-4461 · Med · May 20, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.

  • CVE-2020-4286 · Med · May 19, 2020
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268.

  • CVE-2020-4259 · Med · May 14, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user to manipulate cookie information and remove or add modules from the cookie to access functionality they are not authorized to use. IBM X-Force ID: 175638.

  • CVE-2019-4478 · Med · May 12, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998.

  • CVE-2020-4267 · Med · Apr 24, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user to cause a denial of service due to a memory leak. IBM X-Force ID: 175840.

  • CVE-2020-4085 · Med · Apr 22, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    "HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user."

  • CVE-2020-4151 · Med · Apr 14, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation. IBM X-Force ID: 174201.

  • CVE-2020-4325 · Med · Apr 2, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine…

  • CVE-2020-4240 · Med · Mar 31, 2020
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417.

  • CVE-2020-4236 · Med · Mar 31, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. IBM X-Force ID: 175409.

  • CVE-2019-4656 · Med · Mar 16, 2020
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.

  • CVE-2020-4200 · Med · Feb 19, 2020
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914.

  • CVE-2020-4161 · Med · Feb 19, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341.

  • CVE-2019-4457 · Med · Feb 19, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 163654.

  • CVE-2019-4670 · Med · Feb 5, 2020
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.

  • CVE-2019-4732 · Med · Feb 3, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows…

  • CVE-2019-4614 · Med · Jan 28, 2020
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639.

  • CVE-2012-4863 · Med · Jan 23, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability

  • CVE-2019-4343 · Med · Dec 30, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422.

  • CVE-2019-4560 · Med · Dec 16, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357.

  • CVE-2019-4530 · Med · Nov 20, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586.

  • CVE-2019-4556 · Med · Nov 9, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205.

  • CVE-2019-4306 · Med · Oct 29, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986.

  • CVE-2019-4397 · Med · Oct 24, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or…

  • CVE-2019-4141 · Med · Sep 27, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.
