Vendor CVEs
IBM
All CVEs
8,286 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-27557 | Med | 0.38 | 5.9 | 0.00 | Apr 28, 2023 | IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive… | ||
| CVE-2022-34333 | Med | 0.38 | 5.9 | 0.01 | Apr 7, 2023 | IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. | ||
| CVE-2023-26281 | Med | 0.38 | 5.9 | 0.01 | Mar 1, 2023 | IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296. | ||
| CVE-2022-34351 | Med | 0.38 | 5.9 | 0.00 | Feb 17, 2023 | IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402. | ||
| CVE-2022-43927 | Med | 0.38 | 5.9 | 0.01 | Feb 17, 2023 | IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671. | ||
| CVE-2022-43917 | Med | 0.38 | 5.9 | 0.01 | Jan 26, 2023 | IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force… | ||
| CVE-2022-39167 | Med | 0.38 | 5.9 | 0.01 | Jan 19, 2023 | IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408. | ||
| CVE-2023-22863 | Med | 0.38 | 5.9 | 0.00 | Jan 18, 2023 | IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109. | ||
| CVE-2022-35646 | Med | 0.38 | 5.9 | 0.00 | Dec 22, 2022 | IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096. | ||
| CVE-2022-22461 | Med | 0.38 | 5.9 | 0.00 | Dec 22, 2022 | IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007. | ||
| CVE-2022-34361 | Med | 0.38 | 5.9 | 0.00 | Dec 6, 2022 | IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. | ||
| CVE-2022-34320 | Med | 0.38 | 5.9 | 0.00 | Nov 14, 2022 | IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464. | ||
| CVE-2022-34319 | Med | 0.38 | 5.9 | 0.00 | Nov 14, 2022 | IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463. | ||
| CVE-2022-38712 | Med | 0.38 | 5.9 | 0.00 | Nov 3, 2022 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762. | ||
| CVE-2022-40234 | Med | 0.38 | 5.9 | 0.01 | Sep 19, 2022 | Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can… | ||
| CVE-2022-22365 | Med | 0.38 | 5.9 | 0.01 | May 20, 2022 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904. | ||
| CVE-2020-4970 | Med | 0.38 | 5.9 | 0.01 | May 19, 2022 | IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive… | ||
| CVE-2021-39072 | Med | 0.38 | 5.9 | 0.01 | Apr 19, 2022 | IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM… | ||
| CVE-2021-39026 | Med | 0.38 | 5.9 | 0.01 | Feb 18, 2022 | IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man… | ||
| CVE-2021-29838 | Med | 0.38 | 5.9 | 0.01 | Jan 26, 2022 | IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle… | ||
| CVE-2021-29785 | Med | 0.38 | 5.9 | 0.01 | Jan 20, 2022 | IBM Security SOAR V42 and V43 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.… | ||
| CVE-2021-29847 | Med | 0.38 | 5.9 | 0.01 | Dec 15, 2021 | BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID:… | ||
| CVE-2020-4496 | Med | 0.38 | 5.9 | 0.01 | Dec 13, 2021 | The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046. | ||
| CVE-2021-29779 | Med | 0.38 | 5.9 | 0.01 | Dec 1, 2021 | IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033. | ||
| CVE-2021-38978 | Med | 0.38 | 5.9 | 0.01 | Nov 15, 2021 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using… | ||
| CVE-2020-4160 | Med | 0.38 | 5.9 | 0.01 | Nov 8, 2021 | IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the… | ||
| CVE-2020-4152 | Med | 0.38 | 5.9 | 0.01 | Nov 8, 2021 | IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467. | ||
| CVE-2021-29753 | Med | 0.38 | 5.9 | 0.01 | Nov 5, 2021 | IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | ||
| CVE-2021-20369 | Med | 0.38 | 5.9 | 0.01 | Jul 13, 2021 | IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361. | ||
| CVE-2021-29692 | Med | 0.38 | 5.9 | 0.01 | May 20, 2021 | IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle… | ||
| CVE-2021-20564 | Med | 0.38 | 5.9 | 0.01 | May 14, 2021 | IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain… | ||
| CVE-2021-20441 | Med | 0.38 | 5.9 | 0.01 | Mar 3, 2021 | IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617. | ||
| CVE-2021-20409 | Med | 0.38 | 5.9 | 0.01 | Feb 12, 2021 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in… | ||
| CVE-2020-4816 | Med | 0.38 | 5.9 | 0.01 | Jan 27, 2021 | IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle… | ||
| CVE-2020-4969 | Med | 0.38 | 5.9 | 0.01 | Jan 21, 2021 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man… | ||
| CVE-2020-4893 | Med | 0.38 | 5.9 | 0.01 | Jan 7, 2021 | IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984. | ||
| CVE-2020-4841 | Med | 0.38 | 5.9 | 0.01 | Dec 21, 2020 | IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle… | ||
| CVE-2020-4905 | Med | 0.38 | 5.9 | 0.01 | Dec 16, 2020 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL stripping, an attacker could exploit this vulnerability to obtain sensitive information. | ||
| CVE-2020-4126 | Med | 0.38 | 5.9 | 0.01 | Dec 1, 2020 | HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1… | ||
| CVE-2020-4783 | Med | 0.38 | 5.9 | 0.01 | Nov 23, 2020 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the… | ||
| CVE-2020-4175 | Med | 0.38 | 5.9 | 0.02 | Aug 27, 2020 | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle… | ||
| CVE-2020-4397 | Med | 0.38 | 5.9 | 0.01 | Jul 22, 2020 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428. | ||
| CVE-2020-4527 | Med | 0.38 | 5.9 | 0.01 | Jul 20, 2020 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to… | ||
| CVE-2020-4565 | Med | 0.38 | 5.9 | 0.01 | Jun 26, 2020 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. | ||
| CVE-2020-4413 | Med | 0.38 | 5.9 | 0.01 | Jun 24, 2020 | IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle… | ||
| CVE-2019-4667 | Med | 0.38 | 5.9 | 0.01 | May 11, 2020 | IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle… | ||
| CVE-2019-4594 | Med | 0.38 | 5.9 | 0.01 | Apr 15, 2020 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle… | ||
| CVE-2019-4568 | Med | 0.38 | 5.9 | 0.01 | Jan 28, 2020 | IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. | ||
| CVE-2019-4102 | Med | 0.38 | 5.9 | 0.01 | Jul 1, 2019 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. | ||
| CVE-2019-4156 | Med | 0.38 | 5.9 | 0.01 | Jun 25, 2019 | IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572. |