VYPR

Vendor CVEs

IBM

All CVEs

8,286 total · sorted by risk
  • CVE-2019-4151 · Med · Jun 25, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.

  • CVE-2019-4264 · Med · May 29, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. IBM X-Force ID: 160072.

  • CVE-2018-1608 · Med · May 1, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798.

  • CVE-2018-2007 · Med · Apr 29, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078.

  • CVE-2018-1720 · Med · Apr 25, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294.

  • CVE-2018-1925 · Med · Apr 15, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM WebSphere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925.

  • CVE-2018-1680 · Med · Apr 2, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236.

  • CVE-2017-1713 · Med · Mar 21, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632.

  • CVE-2019-4063 · Med · Mar 5, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-Force ID: 157008.

  • CVE-2018-1946 · Med · Feb 21, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does…

  • CVE-2017-1695 · Med · Feb 15, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177.

  • CVE-2018-1751 · Med · Jan 23, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512.

  • CVE-2018-1887 · Med · Dec 13, 2018
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of…

  • CVE-2018-1818 · Med · Dec 13, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022.

  • CVE-2018-1814 · Med · Dec 13, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018.

  • CVE-2018-1665 · Med · Dec 13, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM…

  • CVE-2017-1268 · Med · Dec 13, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743.

  • CVE-2018-1525 · Med · Dec 6, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2018-1650 · Med · Dec 5, 2018
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.

  • CVE-2018-1694 · Med · Nov 6, 2018
    risk 0.38 · cvss 5.9 · epss 0.02

    IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM…

  • CVE-2018-1724 · Med · Oct 11, 2018
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Spectrum LSF 9.1.1, 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings. IBM X-Force ID: 147439.

  • CVE-2018-1742 · Med · Oct 8, 2018
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421.

  • CVE-2017-1411 · Med · Aug 6, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399.

  • CVE-2017-1366 · Med · Aug 6, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859.

  • CVE-2018-1638 · Med · Jul 31, 2018
    risk 0.38 · cvss 5.9 · epss 0.02

    IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.

  • CVE-2018-1513 · Med · Jul 23, 2018
    risk 0.38 · cvss 5.4 · epss 0.03

    IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within…

  • CVE-2018-1563 · Med · Jul 20, 2018
    risk 0.38 · cvss 5.4 · epss 0.03

    IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2017-1395 · Med · Jul 13, 2018
    risk 0.38 · cvss 5.9 · epss 0.02

    IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain…

  • CVE-2018-1543 · Med · Jun 27, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM…

  • CVE-2018-1614 · Med · Jun 26, 2018
    risk 0.38 · cvss 5.8 · epss 0.03

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270.

  • CVE-2018-1454 · Med · Jun 5, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man…

  • CVE-2014-6112 · Med · Apr 20, 2018
    risk 0.38 · cvss 5.9 · epss 0.02

    IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL…

  • CVE-2014-6108 · Med · Apr 20, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted…

  • CVE-2015-4954 · Med · Mar 27, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors. IBM X-Force ID: 105200.

  • CVE-2018-1443 · Med · Mar 8, 2018
    risk 0.38 · cvss 5.9 · epss 0.00

    An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into…

  • CVE-2018-1425 · Med · Feb 27, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003.

  • CVE-2017-1665 · Med · Jan 4, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.

  • CVE-2017-1664 · Med · Jan 4, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.

  • CVE-2017-1229 · Med · Nov 13, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in…

  • CVE-2017-1232 · Med · Oct 26, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 123911.

  • CVE-2017-1519 · Med · Sep 12, 2017
    risk 0.38 · cvss 5.9 · epss 0.02

    IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829.

  • CVE-2016-6029 · Med · Aug 14, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information…

  • CVE-2017-1386 · Med · Jul 31, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.

  • CVE-2016-9972 · Med · Jun 27, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM…

  • CVE-2017-1179 · Med · Jun 8, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.

  • CVE-2016-8962 · Med · Apr 26, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.

  • CVE-2016-3052 · Med · Feb 22, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.

  • CVE-2016-5900 · Med · Feb 8, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive information using man…

  • CVE-2016-6116 · Med · Feb 2, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the…

  • CVE-2016-5935 · Med · Feb 2, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
