IBM

All CVEs

8,291 total · sorted by risk
  • CVE-2019-4515 · Med · Sep 24, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137.

  • CVE-2018-1847 · Med · Sep 18, 2019
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a…

  • CVE-2019-4477 · Med · Sep 17, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.

  • CVE-2019-4167 · Med · Aug 20, 2019
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700.

  • CVE-2019-4261 · Med · Aug 5, 2019
    risk 0.42 · cvss 6.5 · epss 0.03

    IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.

  • CVE-2019-4386 · Med · Jul 1, 2019
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.

  • CVE-2019-4385 · Med · Jun 19, 2019
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.

  • CVE-2019-4173 · Med · Jun 17, 2019
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability…

  • CVE-2018-2028 · Med · Jun 6, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Maximo Asset Management 7.6 could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.

  • CVE-2019-4058 · Med · May 20, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570.

  • CVE-2018-2015 · Med · May 2, 2019
    risk 0.42 · cvss 6.4 · epss 0.02

    IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch…

  • CVE-2019-4178 · Med · Apr 15, 2019
    risk 0.42 · cvss 6.4 · epss 0.03

    IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919.

  • CVE-2018-1992 · Med · Mar 21, 2019
    risk 0.42 · cvss 6.4 · epss 0.00

    The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that,…

  • CVE-2018-2009 · Med · Mar 11, 2019
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.

  • CVE-2018-1775 · Med · Feb 27, 2019
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.

  • CVE-2018-1661 · Med · Dec 20, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887.

  • CVE-2018-1927 · Med · Nov 30, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118.

  • CVE-2018-1708 · Med · Oct 11, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343.

  • CVE-2018-1741 · Med · Oct 8, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to cause a denial of service, compromise program logic or other consequences. IBM X-Force ID: 148420.

  • CVE-2018-1782 · Med · Sep 19, 2018
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID:…

  • CVE-2018-1705 · Med · Aug 28, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. IBM X-Force ID: 146340.

  • CVE-2017-1286 · Med · Aug 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147.

  • CVE-2017-1755 · Med · Aug 6, 2018
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID: 135855.

  • CVE-2018-1495 · Med · May 29, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.

  • CVE-2018-1464 · Med · May 17, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not…

  • CVE-2018-1463 · Med · May 17, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access…

  • CVE-2018-1389 · Med · Apr 30, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.

  • CVE-2017-1723 · Med · Apr 26, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812.

  • CVE-2014-0882 · Med · Apr 25, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.

  • CVE-2017-1700 · Med · Apr 24, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody…

  • CVE-2014-4782 · Med · Apr 20, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the Alert management service. IBM X-Force ID: 95029.

  • CVE-2018-1371 · Med · Apr 17, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771.

  • CVE-2015-4987 · Med · Mar 27, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896.

  • CVE-2015-7461 · Med · Mar 20, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.

  • CVE-2018-1391 · Med · Feb 22, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. IBM X-Force ID: 138376.

  • CVE-2017-1279 · Med · Jan 26, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757.

  • CVE-2016-0219 · Med · Jan 16, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM…

  • CVE-2016-0215 · Med · Jan 16, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database.

  • CVE-2017-1550 · Med · Dec 11, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling File Gateway 2.2 could allow an authenticated user to change other users' passwords. IBM X-Force ID: 131290.

  • CVE-2017-1487 · Med · Dec 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626.

  • CVE-2017-1433 · Med · Dec 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.

  • CVE-2017-1628 · Med · Nov 27, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.

  • CVE-2017-1222 · Med · Oct 26, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862.

  • CVE-2017-1212 · Med · Oct 24, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852.

  • CVE-2017-1538 · Med · Oct 10, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.

  • CVE-2017-1235 · Med · Sep 25, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914.

  • CVE-2015-0110 · Med · Sep 15, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.

  • CVE-2017-1556 · Med · Sep 13, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546.

  • CVE-2016-2965 · Med · Aug 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846.

  • CVE-2016-0356 · Med · Aug 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895.
