IBM

All CVEs

8,290 total · sorted by risk
  • CVE-2016-0355 · Med · Aug 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user who has been invited to a Sametime meeting room to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894.

  • CVE-2017-1110 · Med · Aug 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915.

  • CVE-2017-1190 · Med · Aug 14, 2017
    risk 0.42 · cvss 6.4 · epss 0.00

    IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system.…

  • CVE-2017-1504 · Med · Aug 3, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579.

  • CVE-2015-0194 · Med · Aug 2, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via crafted XML data.

  • CVE-2016-9717 · Med · Jul 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be…

  • CVE-2017-1374 · Med · Jul 21, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.

  • CVE-2017-1219 · Med · Jul 19, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Tivoli Endpoint Manager is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859.

  • CVE-2017-1308 · Med · Jul 13, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462.

  • CVE-2017-1285 · Med · Jul 12, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.

  • CVE-2017-1236 · Med · Jul 6, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354.

  • CVE-2017-1258 · Med · Jul 5, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality, allowing anonymous users access to protected areas. IBM X-Force ID: 124685.

  • CVE-2017-1310 · Med · Jun 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569.

  • CVE-2017-1193 · Med · Jun 23, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow a user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667.

  • CVE-2017-1131 · Med · Jun 23, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375.

  • CVE-2016-9982 · Med · Jun 22, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274.

  • CVE-2017-3744 · Med · Jun 20, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear…

  • CVE-2016-3019 · Med · Jun 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.

  • CVE-2016-0254 · Med · Jun 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause…

  • CVE-2016-9750 · Med · May 15, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM QRadar 7.2 and 7.3 stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 120207.

  • CVE-2016-8925 · Med · Apr 14, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538.

  • CVE-2017-1154 · Med · Mar 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892.

  • CVE-2017-1142 · Med · Mar 27, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this…

  • CVE-2016-9729 · Med · Mar 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality, allowing anonymous users access to protected areas. IBM Reference #: 1999545.

  • CVE-2016-8971 · Med · Mar 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.

  • CVE-2016-8986 · Med · Feb 22, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.

  • CVE-2016-8915 · Med · Feb 22, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue to deny service to other channels running under the same process. IBM Reference #: 1998649.

  • CVE-2016-3013 · Med · Feb 22, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.

  • CVE-2016-8933 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

  • CVE-2016-6110 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Tivoli Storage Manager discloses unencrypted login credentials to VMware vCenter that could be obtained by a local user.

  • CVE-2016-8913 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

  • CVE-2016-6126 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

  • CVE-2016-6085 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers.

  • CVE-2016-6084 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request.

  • CVE-2016-5994 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents.

  • CVE-2016-5988 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.

  • CVE-2016-5950 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Kenexa LCMS Premier on Cloud stores user credentials in clear text which can be read by an authenticated user.

  • CVE-2016-3027 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory…

  • CVE-2016-3022 · Med · Feb 1, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.

  • CVE-2016-3044 · Med · Dec 1, 2016
    risk 0.42 · cvss 6.5 · epss 0.00

    The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors.

  • CVE-2016-2881 · Med · Nov 30, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters.

  • CVE-2016-2950 · Med · Nov 30, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-2937 · Med · Nov 30, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerability."

  • CVE-2016-0317 · Med · Nov 25, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

  • CVE-2016-2996 · Med · Nov 24, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors.

  • CVE-2016-6038 · Med · Sep 26, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.

  • CVE-2016-5997 · Med · Sep 26, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality…

  • CVE-2016-5970 · Med · Sep 26, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

  • CVE-2016-5946 · Med · Sep 26, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

  • CVE-2016-2999 · Med · Sep 26, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack.
