IBM

All CVEs

8,286 total · sorted by risk
  • CVE-2023-27557 · Med · Apr 28, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive…

  • CVE-2022-34333 · Med · Apr 7, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.

  • CVE-2023-26281 · Med · Mar 1, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296.

  • CVE-2022-34351 · Med · Feb 17, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402.

  • CVE-2022-43927 · Med · Feb 17, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.

  • CVE-2022-43917 · Med · Jan 26, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force…

  • CVE-2022-39167 · Med · Jan 19, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408.

  • CVE-2023-22863 · Med · Jan 18, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.

  • CVE-2022-35646 · Med · Dec 22, 2022
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096.  

  • CVE-2022-22461 · Med · Dec 22, 2022
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007.

  • CVE-2022-34361 · Med · Dec 6, 2022
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.

  • CVE-2022-34320 · Med · Nov 14, 2022
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464.

  • CVE-2022-34319 · Med · Nov 14, 2022
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463.

  • CVE-2022-38712 · Med · Nov 3, 2022
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762.

  • CVE-2022-40234 · Med · Sep 19, 2022
    risk 0.38 · cvss 5.9 · epss 0.01

    Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can…

  • CVE-2022-22365 · Med · May 20, 2022
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904.

  • CVE-2020-4970 · Med · May 19, 2022
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive…

  • CVE-2021-39072 · Med · Apr 19, 2022
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM…

  • CVE-2021-39026 · Med · Feb 18, 2022
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man…

  • CVE-2021-29838 · Med · Jan 26, 2022
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2021-29785 · Med · Jan 20, 2022
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security SOAR V42 and V43 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.…

  • CVE-2021-29847 · Med · Dec 15, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID:…

  • CVE-2020-4496 · Med · Dec 13, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.

  • CVE-2021-29779 · Med · Dec 1, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033.

  • CVE-2021-38978 · Med · Nov 15, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using…

  • CVE-2020-4160 · Med · Nov 8, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the…

  • CVE-2020-4152 · Med · Nov 8, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467.

  • CVE-2021-29753 · Med · Nov 5, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

  • CVE-2021-20369 · Med · Jul 13, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.

  • CVE-2021-29692 · Med · May 20, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2021-20564 · Med · May 14, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain…

  • CVE-2021-20441 · Med · Mar 3, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617.

  • CVE-2021-20409 · Med · Feb 12, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in…

  • CVE-2020-4816 · Med · Jan 27, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2020-4969 · Med · Jan 21, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man…

  • CVE-2020-4893 · Med · Jan 7, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.

  • CVE-2020-4841 · Med · Dec 21, 2020
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2020-4905 · Med · Dec 16, 2020
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL stripping, an attacker could exploit this vulnerability to obtain sensitive information.

  • CVE-2020-4126 · Med · Dec 1, 2020
    risk 0.38 · cvss 5.9 · epss 0.01

    HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1…

  • CVE-2020-4783 · Med · Nov 23, 2020
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the…

  • CVE-2020-4175 · Med · Aug 27, 2020
    risk 0.38 · cvss 5.9 · epss 0.02

    IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2020-4397 · Med · Jul 22, 2020
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428.

  • CVE-2020-4527 · Med · Jul 20, 2020
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to…

  • CVE-2020-4565 · Med · Jun 26, 2020
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935.

  • CVE-2020-4413 · Med · Jun 24, 2020
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2019-4667 · Med · May 11, 2020
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2019-4594 · Med · Apr 15, 2020
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2019-4568 · Med · Jan 28, 2020
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.

  • CVE-2019-4102 · Med · Jul 1, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092.

  • CVE-2019-4156 · Med · Jun 25, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.
