VYPR

Vendor CVEs

IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2018-1683 · Med · Sep 26, 2018
    risk 0.39 · cvss 5.9 · epss 0.02

    IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455.

  • CVE-2018-1719 · Med · Sep 14, 2018
    risk 0.39 · cvss 5.9 · epss 0.02

    IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292.

  • CVE-2018-1755 · Med · Aug 24, 2018
    risk 0.39 · cvss 5.9 · epss 0.03

    IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is…

  • CVE-2018-1517 · Med · Aug 20, 2018
    risk 0.39 · cvss 5.9 · epss 0.04

    A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.

  • CVE-2018-1546 · Med · Jul 6, 2018
    risk 0.39 · cvss 5.9 · epss 0.02

    IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2017-1476 · Med · Jun 6, 2018
    risk 0.39 · cvss 5.9 · epss 0.02

    IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to…

  • CVE-2018-1375 · Med · May 29, 2018
    risk 0.39 · cvss 5.9 · epss 0.02

    IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force…

  • CVE-2017-1501 · Med · Aug 18, 2017
    risk 0.39 · cvss 5.9 · epss 0.02

    IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576.

  • CVE-2016-0270 · Med · Feb 8, 2017
    risk 0.39 · cvss 5.9 · epss 0.03

    IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session…

  • CVE-2016-0201 · Med · Jan 18, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.

  • CVE-2015-7422 · Med · Jan 2, 2016
    risk 0.39 · cvss 5.5 · epss 0.01

    Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors.

  • CVE-2024-40684 · Med · May 27, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default,…

  • CVE-2025-13916 · Med · Apr 1, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

  • CVE-2023-47700 · Med · Feb 7, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host,…

  • CVE-2023-50962 · Med · Feb 2, 2024
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.

  • CVE-2023-50937 · Med · Feb 2, 2024
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.

  • CVE-2023-50939 · Med · Feb 2, 2024
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.

  • CVE-2023-47152 · Med · Jan 22, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.

  • CVE-2023-45193 · Med · Jan 22, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.

  • CVE-2022-43843 · Med · Dec 14, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.

  • CVE-2023-46167 · Med · Dec 4, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.

  • CVE-2023-40692 · Med · Dec 4, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807.

  • CVE-2023-42019 · Med · Dec 1, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.

  • CVE-2023-38361 · Med · Nov 18, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770.

  • CVE-2023-43018 · Med · Nov 3, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.

  • CVE-2023-43045 · Med · Oct 23, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.

  • CVE-2023-38276 · Med · Oct 22, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.

  • CVE-2023-38275 · Med · Oct 22, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.

  • CVE-2022-22385 · Med · Oct 17, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information to an attacker due to the transmission of data in clear text. IBM X-Force ID: 221962.

  • CVE-2022-22401 · Med · Sep 8, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567.

  • CVE-2023-24965 · Med · Sep 8, 2023
    risk 0.38 · cvss 5.8 · epss 0.00

    IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.

  • CVE-2022-22405 · Med · Sep 8, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM…

  • CVE-2023-22870 · Med · Sep 5, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121.

  • CVE-2023-38730 · Med · Aug 27, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268.

  • CVE-2023-38737 · Med · Aug 16, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.

  • CVE-2023-28513 · Med · Jul 19, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.

  • CVE-2021-38933 · Med · Jul 19, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.

  • CVE-2023-30448 · Med · Jul 10, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.

  • CVE-2023-30447 · Med · Jul 10, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.

  • CVE-2023-30446 · Med · Jul 10, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361.

  • CVE-2023-30442 · Med · Jul 10, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.

  • CVE-2023-27540 · Med · Jul 10, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.

  • CVE-2023-26276 · Med · Jun 27, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147.

  • CVE-2023-25683 · Med · Jun 15, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592.

  • CVE-2023-27861 · Med · Jun 5, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208.

  • CVE-2023-22862 · Med · Jun 5, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

  • CVE-2023-27870 · Med · May 11, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518.

  • CVE-2023-26285 · Med · May 5, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.

  • CVE-2023-26022 · Med · Apr 28, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868.

  • CVE-2023-25930 · Med · Apr 28, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862.
