VYPR · Vendor CVEs

IBM

All CVEs: 8,290 total · sorted by risk
  • CVE-2016-5954 · Med · Sep 12, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.

  • CVE-2016-2989 · Med · Aug 8, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2016-0361 · Med · Aug 8, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated…

  • CVE-2016-2865 · Med · Jul 15, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive…

  • CVE-2016-0314 · Med · Jul 8, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors.

  • CVE-2016-3956 · High · Jul 2, 2016
    risk 0.42 · cvss 7.5 · epss 0.07

    The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading…

  • CVE-2016-2968 · Med · Jul 2, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors.

  • CVE-2016-0349 · Med · Jun 30, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.

  • CVE-2016-0298 · Med · Jun 29, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL.

  • CVE-2016-0288 · Med · Jun 1, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML…

  • CVE-2016-0323 · Med · May 17, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors.

  • CVE-2015-8530 · Med · May 14, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before 23.0.0.3-IF0001, and 24 before 24.0.0.0-IF0003 allows remote authenticated users…

  • CVE-2015-7456 · Med · Jan 1, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.

  • CVE-2025-66483 · Med · Apr 1, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.

  • CVE-2023-50941 · Med · Feb 2, 2024
    risk 0.41 · cvss 6.3 · epss 0.00

    IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.

  • CVE-2023-50936 · Med · Feb 2, 2024
    risk 0.41 · cvss 6.3 · epss 0.00

    IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116.

  • CVE-2023-35895 · Med · Dec 20, 2023
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116.

  • CVE-2023-27869 · Med · Jul 10, 2023
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property,…

  • CVE-2023-27868 · Med · Jul 10, 2023
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request…

  • CVE-2023-27867 · Med · Jul 10, 2023
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could…

  • CVE-2023-27866 · Med · Jun 28, 2023
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511.

  • CVE-2023-0041 · Med · Jun 5, 2023
    risk 0.41 · cvss 6.3 · epss 0.00

    IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657.

  • CVE-2022-47984 · Med · May 19, 2023
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163.

  • CVE-2023-27554 · Med · May 11, 2023
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.

  • CVE-2022-43873 · Med · Feb 22, 2023
    risk 0.41 · cvss 6.3 · epss 0.01

    An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847.

  • CVE-2022-40232 · Med · Feb 17, 2023
    risk 0.41 · cvss 6.3 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597.

  • CVE-2022-40615 · Med · Jan 11, 2023
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208.…

  • CVE-2022-43920 · Med · Jan 4, 2023
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362.

  • CVE-2022-22338 · Med · Jan 4, 2023
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force…

  • CVE-2022-22458 · Med · Dec 22, 2022
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009.

  • CVE-2022-43859 · Med · Dec 22, 2022
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this…

  • CVE-2020-4974 · Med · Jul 28, 2021
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.

  • CVE-2019-4671 · Med · Sep 15, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437.

  • CVE-2020-4328 · Med · Aug 3, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839.

  • CVE-2020-6290 · Med · Jul 14, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID.

  • CVE-2019-4650 · Med · Jun 26, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961.

  • CVE-2020-4294 · Med · Apr 15, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 176404.

  • CVE-2020-4271 · Med · Apr 15, 2020
    risk 0.41 · cvss 6.3 · epss 0.02

    IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-Force ID: 175897.

  • CVE-2020-4205 · Med · Mar 19, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revoked. IBM X-Force ID: 174961.

  • CVE-2019-4669 · Med · Feb 27, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the…

  • CVE-2019-4598 · Med · Feb 26, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID:…

  • CVE-2019-4597 · Med · Feb 26, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID:…

  • CVE-2019-4304 · Med · Sep 30, 2019
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.

  • CVE-2019-4536 · Med · Aug 29, 2019
    risk 0.41 · cvss 6.3 · epss 0.00

    IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore…

  • CVE-2019-4072 · Med · May 9, 2019
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a…

  • CVE-2018-1994 · Med · Apr 10, 2019
    risk 0.41 · cvss 6.3 · epss 0.02

    IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.

  • CVE-2018-1797 · Med · Nov 16, 2018
    risk 0.41 · cvss 6.3 · epss 0.02

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an…

  • CVE-2018-1819 · Med · Oct 4, 2018
    risk 0.41 · cvss 6.3 · epss 0.02

    IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in…

  • CVE-2018-1674 · Med · Sep 20, 2018
    risk 0.41 · cvss 6.3 · epss 0.02

    IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM…

  • CVE-2018-1699 · Med · Aug 24, 2018
    risk 0.41 · cvss 6.3 · epss 0.02

    IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.
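Several entries on this page are the same session-lifecycle defect seen from different angles: no invalidation after a password reset (CVE-2025-66483), no invalidation after logout (CVE-2023-50936), no logout at all so a fixated ID keeps working (CVE-2023-50941), insufficient expiration (CVE-2023-0041, CVE-2019-4072). The following is an added example, not code from any IBM product: a minimal server-side session store that rotates the ID on login, invalidates on logout, revokes a user's other sessions on password reset, and expires idle sessions. The 15-minute idle timeout and the injectable clock are assumptions for illustration.

```python
"""Session lifecycle hardening (added example, not IBM code)."""
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds; assumed policy value, not from any advisory


class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock            # injectable so expiry can be tested
        self._sessions = {}            # session_id -> {"user": str|None, "last_seen": float}

    def create_anonymous(self):
        """Pre-login session (e.g. carries a CSRF token); holds no identity."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "last_seen": self._clock()}
        return sid

    def login(self, old_sid, user):
        """Rotate the ID at the privilege boundary: an ID an attacker planted
        before login (session fixation) is discarded, not upgraded."""
        self._sessions.pop(old_sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user, "last_seen": self._clock()}
        return new_sid

    def logout(self, sid):
        """Server-side invalidation, so a replayed cookie no longer resolves."""
        self._sessions.pop(sid, None)

    def reset_password(self, acting_sid, user):
        """Revoke every other session of this user; keep only the one that
        performed the reset, so a previously stolen session cannot persist."""
        for sid, s in list(self._sessions.items()):
            if s["user"] == user and sid != acting_sid:
                del self._sessions[sid]

    def current_user(self, sid):
        """Resolve a session ID to a user, enforcing idle expiry on every hit."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]
            return None
        s["last_seen"] = now
        return s["user"]


def demo():
    """Walk through the four failure modes above and report which are blocked."""
    t = [1000.0]
    store = SessionStore(clock=lambda: t[0])

    # Fixation: attacker hands the victim sid_fixed before the victim logs in.
    sid_fixed = store.create_anonymous()
    sid_victim = store.login(sid_fixed, "alice")
    fixation_blocked = (store.current_user(sid_fixed) is None
                        and store.current_user(sid_victim) == "alice")

    # Logout must kill the session server-side, not just clear the cookie.
    store.logout(sid_victim)
    logout_ok = store.current_user(sid_victim) is None

    # Password reset must revoke sessions the user did not perform it from.
    s_stolen = store.login(store.create_anonymous(), "bob")   # held by attacker
    s_own = store.login(store.create_anonymous(), "bob")      # bob's own browser
    store.reset_password(s_own, "bob")
    reset_ok = store.current_user(s_stolen) is None and store.current_user(s_own) == "bob"

    # Idle expiry: advance the clock past the timeout.
    t[0] += IDLE_TIMEOUT + 1
    expiry_ok = store.current_user(s_own) is None

    return {"fixation_blocked": fixation_blocked, "logout": logout_ok,
            "reset": reset_ok, "expiry": expiry_ok}
```

The point of rotating on login rather than on every request is that fixation only matters at the moment identity is attached to the session; the point of revoking on password reset is that a reset is the one moment a user is explicitly trying to lock out someone else.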
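The five JDBC-driver entries (CVE-2023-35895, CVE-2023-27866 through CVE-2023-27869) share one root cause: a connection-string property that the driver turns into a JNDI lookup, a file path or a class to instantiate, reached from input the application did not gate. Where an application assembles a JDBC URL from tenant or user supplied settings, the fix on the application side is to allow-list property names and refuse remote-lookup URLs in values. The following is an added example, not IBM driver code. The two rejected property names, traceFile and clientRerouteServerListJNDIName, come from the advisories above; the allow-listed names and the URL grammar are assumptions for illustration and should be replaced with the properties your application actually needs.

```python
"""Gate application-assembled JDBC URLs before they reach a driver (added example)."""
import re
from urllib.parse import urlsplit

# Assumed allow-list: only the properties the application itself needs.
ALLOWED_PROPS = {"user", "password", "currentSchema", "sslConnection"}
# URL schemes that turn a property value into a remote lookup or class load.
BAD_SCHEMES = ("ldap", "ldaps", "rmi", "iiop", "dns")

# Assumed shape: jdbc:<sub>://host[:port]/db[:prop=value;prop=value;]
JDBC_RE = re.compile(
    r"^jdbc:(?P<sub>[a-z0-9\-]+)://(?P<host>[^/:]+)(?::(?P<port>\d+))?"
    r"/(?P<db>[^:;]+)(?::(?P<props>.*))?$"
)


class UnsafeConnectionString(ValueError):
    pass


def parse_jdbc_url(url):
    m = JDBC_RE.match(url)
    if not m:
        raise UnsafeConnectionString("unrecognised JDBC URL shape")
    props = {}
    for pair in filter(None, (m.group("props") or "").split(";")):
        if "=" not in pair:
            raise UnsafeConnectionString(f"malformed property {pair!r}")
        k, v = pair.split("=", 1)
        props[k.strip()] = v.strip()
    return m.group("sub"), m.group("host"), m.group("db"), props


def validate_jdbc_url(url):
    """Return the parsed URL if every property is allow-listed and no value
    smuggles a remote-lookup URL; raise UnsafeConnectionString otherwise."""
    sub, host, db, props = parse_jdbc_url(url)
    for k, v in props.items():
        if k not in ALLOWED_PROPS:
            raise UnsafeConnectionString(f"property {k!r} not permitted")
        if "://" in v and urlsplit(v).scheme.lower() in BAD_SCHEMES:
            raise UnsafeConnectionString(f"remote lookup URL in {k!r}")
    return {"subprotocol": sub, "host": host, "database": db, "properties": props}


def is_safe(url):
    try:
        validate_jdbc_url(url)
        return True
    except UnsafeConnectionString:
        return False
```

An allow-list is preferred over a deny-list here because the dangerous properties differ per driver and version (trace files, reroute JNDI names, plugin class names), while the set a given application legitimately needs is small and stable. Hostnames are also validated by the grammar, which rejects an LDAP URL placed where the host belongs, the Informix variant described in CVE-2023-27866.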
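Roughly a dozen entries on this page are SQL injection with the same one-line description, and CVE-2022-43859 names the UNION-based variant explicitly. The following is an added example, not code from any of the listed products: a constructed SQLite schema, a query built by string concatenation beside its parameterised form, the UNION payload that makes the first one return the users table, and the allow-list pattern for the one place bind parameters cannot help (identifiers such as an ORDER BY column). The table and row contents are constructed for the demonstration.

```python
"""SQL injection: vulnerable vs. parameterised query (added example)."""
import sqlite3

# Constructed sample data; the hashes are placeholders, not real credentials.
def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE objects(name TEXT, owner TEXT);
        CREATE TABLE users(name TEXT, password_hash TEXT);
        INSERT INTO objects VALUES ('report.csv', 'alice'), ('secret.bin', 'root');
        INSERT INTO users VALUES ('alice', '$2b$12$alicehash'), ('root', '$2b$12$roothash');
    """)
    return con


def find_vulnerable(con, name):
    """Attacker-controlled text becomes part of the statement, so it can
    append a UNION and pull columns from a table the query never meant to read."""
    sql = "SELECT name, owner FROM objects WHERE name = '" + name + "'"
    return con.execute(sql).fetchall()


def find_safe(con, name):
    """Bind parameter: the value is data, never parsed as SQL."""
    return con.execute("SELECT name, owner FROM objects WHERE name = ?", (name,)).fetchall()


# Two columns, matching the original SELECT's column count; the trailing
# comment swallows the closing quote the original statement appends.
UNION_PAYLOAD = "x' UNION SELECT name, password_hash FROM users --"

# Identifiers cannot be bound, so the column name is checked against a fixed set.
SORTABLE = {"name", "owner"}


def list_objects(con, sort_col):
    if sort_col not in SORTABLE:
        raise ValueError(f"unsupported sort column {sort_col!r}")
    return con.execute(f"SELECT name, owner FROM objects ORDER BY {sort_col}").fetchall()
```

Note that the parameterised query returns no rows for the payload rather than an error: the whole string, quote and all, is compared against the name column. That is the behaviour to look for when confirming a fix, since a vulnerable endpoint typically either returns foreign rows or throws a syntax error.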
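CVE-2018-1797 describes archive entries carrying "dot dot slash" sequences that escape the extraction directory. The check that prevents it is the same for any archive format: resolve the destination path of every entry and refuse it unless it stays under the target directory. The following is an added example, not code from WebSphere or any IBM product; the archive entries are constructed in memory for the demonstration.

```python
"""Path-traversal-safe ZIP extraction (added example)."""
import io
import tempfile
import zipfile
from pathlib import Path


def build_archive(entries):
    """Constructed test archive; writestr keeps names such as '../x' verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()


def safe_extract(zip_bytes, dest):
    """Extract only entries whose resolved path stays inside dest.
    Returns (extracted relative paths, rejected entry names)."""
    dest = Path(dest).resolve()
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # An absolute entry name replaces dest entirely in the join; a '..'
            # entry walks above it. resolve() normalises both before the check.
            target = (dest / info.filename).resolve()
            if target == dest or dest not in target.parents:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(target.relative_to(dest).as_posix())
    return extracted, rejected


def demo():
    """Extract a constructed archive with one benign and two hostile entries."""
    archive = build_archive([
        ("docs/readme.txt", b"ok"),          # benign
        ("../../escape.txt", b"evil"),       # dot-dot-slash traversal
        ("/abs/path.txt", b"evil"),          # absolute path
    ])
    with tempfile.TemporaryDirectory() as d:
        extracted, rejected = safe_extract(archive, d)
        content = (Path(d) / "docs" / "readme.txt").read_bytes()
    return extracted, sorted(rejected), content
```

One caveat the check above does not cover: an archive format that can carry symbolic links (tar, or zip written with Unix mode bits) can first create a link pointing outside the destination and then write through it. For those formats, refuse link entries or extract them last after validating their targets with the same resolve-and-compare rule.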

Page 35 of 166