VYPR

Vendor CVEs

IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2017-1722 · Med · Apr 26, 2018
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811.

  • CVE-2016-0276 · Med · Mar 9, 2018
    risk 0.41 · cvss 6.3 · epss 0.02

    IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate…

  • CVE-2016-2980 · Med · Aug 29, 2017
    risk 0.41 · cvss 6.3 · epss 0.01

    The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993.

  • CVE-2016-5990 · Med · Feb 1, 2017
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server.

  • CVE-2016-5939 · Med · Feb 1, 2017
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

  • CVE-2016-0325 · Med · Nov 24, 2016
    risk 0.41 · cvss 6.3 · epss 0.01

    IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5;…

  • CVE-2026-8852 · Med · May 26, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service via the optional mod_fastcgi module.

  • CVE-2025-36335 · Med · Apr 30, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.

  • CVE-2025-13044 · Med · Apr 7, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2025-13702 · Med · Mar 13, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…

  • CVE-2025-36173 · Med · Mar 10, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    Affected Product(s): InfoSphere Data Architect. Version(s): 9.2.1

  • CVE-2025-33135 · Med · Feb 17, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms) is vulnerable to cross-site scripting. This vulnerability allows an…

  • CVE-2023-38369 · Med · Feb 7, 2024
    risk 0.40 · cvss 6.2 · epss 0.01

    IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.

  • CVE-2024-22331 · Med · Feb 6, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971.

  • CVE-2023-32329 · Med · Feb 3, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force…

  • CVE-2023-31005 · Med · Feb 3, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force…

  • CVE-2023-47144 · Med · Feb 2, 2024
    risk 0.40 · cvss 6.1 · epss 0.00

    IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2023-50933 · Med · Feb 2, 2024
    risk 0.40 · cvss 6.1 · epss 0.00

    IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113.

  • CVE-2023-45171 · Med · Jan 11, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. IBM X-Force ID: 267969.

  • CVE-2023-45169 · Med · Jan 11, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967.

  • CVE-2023-38267 · Med · Jan 11, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM…

  • CVE-2023-45175 · Med · Jan 11, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973.

  • CVE-2023-45173 · Med · Jan 11, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971.

  • CVE-2023-45165 · Med · Dec 22, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963.

  • CVE-2023-42012 · Med · Dec 20, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509.

  • CVE-2023-45172 · Med · Dec 19, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970.

  • CVE-2023-45184 · Med · Dec 14, 2023
    risk 0.40 · cvss 6.2 · epss 0.02

    IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270.

  • CVE-2023-47722 · Med · Dec 9, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.

  • CVE-2023-28527 · Med · Dec 9, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.

  • CVE-2023-28526 · Med · Dec 9, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.

  • CVE-2023-25682 · Med · Nov 22, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034.

  • CVE-2023-38364 · Med · Nov 13, 2023
    risk 0.40 · cvss 6.1 · epss 0.00

    IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: …

  • CVE-2023-45167 · Med · Nov 10, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965.

  • CVE-2023-45176 · Med · Oct 14, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.

  • CVE-2023-40371 · Med · Aug 24, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.

  • CVE-2023-33832 · Med · Jul 19, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to improper time-of-check to time-of-use functionality. IBM X-Force ID: 256012.

  • CVE-2023-32339 · Med · Jun 27, 2023
    risk 0.40 · cvss 6.1 · epss 0.00

    IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2023-33842 · Med · Jun 22, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.

  • CVE-2023-22878 · Med · May 19, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.

  • CVE-2023-28514 · Med · May 19, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.

  • CVE-2021-39036 · Med · May 12, 2023
    risk 0.40 · cvss 6.1 · epss 0.01

    IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2023-30434 · Med · May 5, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.

  • CVE-2023-24966 · Med · Apr 27, 2023
    risk 0.40 · cvss 6.1 · epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. …

  • CVE-2023-25686 · Med · Mar 21, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601.

  • CVE-2022-43874 · Med · Mar 15, 2023
    risk 0.40 · cvss 6.1 · epss 0.00

    IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2022-43923 · Med · Feb 24, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584.

  • CVE-2022-43930 · Med · Feb 17, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677.

  • CVE-2023-24964 · Med · Feb 17, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from log files. IBM X-Force ID: 246463.

  • CVE-2022-47990 · Med · Jan 18, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556.

  • CVE-2022-34330 · Med · Jan 5, 2023
    risk 0.40 · cvss 6.1 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…
