IBM

All CVEs

8,284 total · sorted by risk
  • CVE-2016-5966 · Med · Feb 1, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using…

  • CVE-2016-3043 · Med · Feb 1, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2016-2927 · Med · Nov 25, 2016
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.

  • CVE-2016-6025 · Med · Oct 6, 2016
    risk 0.38 · cvss 5.9 · epss 0.00

    The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.

  • CVE-2016-0397 · Med · Aug 30, 2016
    risk 0.38 · cvss 5.9 · epss 0.01

    WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.

  • CVE-2016-0365 · Med · Jul 1, 2016
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors.

  • CVE-2016-0306 · Med · May 17, 2016
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-7488 · Med · Jan 27, 2016
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.

  • CVE-2023-38735 · Med · Oct 22, 2023
    risk 0.37 · cvss 5.7 · epss 0.01

    IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.

  • CVE-2020-4927 · Med · Mar 15, 2023
    risk 0.37 · cvss 5.7 · epss 0.00

    A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695.

  • CVE-2022-43901 · Med · Dec 1, 2022
    risk 0.37 · cvss 5.7 · epss 0.00

    IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components.…

  • CVE-2019-4425 · Med · Aug 20, 2019
    risk 0.37 · cvss 5.7 · epss 0.01

    IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771.

  • CVE-2017-1721 · Med · Apr 26, 2018
    risk 0.37 · cvss 5.6 · epss 0.01

    IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.

  • CVE-2016-9719 · Med · Jul 31, 2017
    risk 0.37 · cvss 5.7 · epss 0.01

    IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the…

  • CVE-2017-1214 · Med · Jun 12, 2017
    risk 0.37 · cvss 5.7 · epss 0.01

    IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854.

  • CVE-2016-3037 · Med · Apr 17, 2017
    risk 0.37 · cvss 5.7 · epss 0.01

    IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613.

  • CVE-2016-5941 · Med · Feb 1, 2017
    risk 0.37 · cvss 5.7 · epss 0.02

    IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

  • CVE-2016-3060 · Med · Oct 29, 2016
    risk 0.37 · cvss 5.7 · epss 0.01

    Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.

  • CVE-2016-5947 · Med · Sep 26, 2016
    risk 0.37 · cvss 5.7 · epss 0.01

    IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.

  • CVE-2016-0339 · Med · Jul 15, 2016
    risk 0.37 · cvss 5.6 · epss 0.01

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."

  • CVE-2016-0264 · Med · May 24, 2016
    risk 0.37 · cvss 5.6 · epss 0.04

    Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute…

  • CVE-2026-6053 · Med · May 27, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.

  • CVE-2026-6051 · Med · May 27, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.

  • CVE-2026-5515 · Med · May 27, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.

  • CVE-2025-13755 · Med · May 26, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.

  • CVE-2026-4918 · Med · Apr 23, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…

  • CVE-2025-36074 · Med · Apr 23, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing…

  • CVE-2025-66484 · Med · Apr 1, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2022-32755 · Med · Oct 14, 2023
    risk 0.36 · cvss 5.5 · epss 0.01

    IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505.

  • CVE-2023-30436 · Med · Aug 27, 2023
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. …

  • CVE-2023-28529 · Med · May 19, 2023
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. …

  • CVE-2023-22874 · Med · May 5, 2023
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.

  • CVE-2022-35281 · Med · Jan 9, 2023
    risk 0.36 · cvss 5.5 · epss 0.01

    IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.

  • CVE-2022-22371 · Med · Jan 5, 2023
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195.

  • CVE-2022-34331 · Med · Nov 11, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695.

  • CVE-2022-38388 · Med · Oct 11, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.

  • CVE-2022-34308 · Med · Oct 7, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437.

  • CVE-2022-30613 · Med · Oct 7, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366.

  • CVE-2015-1931 · Med · Sep 29, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain…

  • CVE-2022-22423 · Med · Sep 23, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596.

  • CVE-2021-39045 · Med · Sep 1, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.

  • CVE-2021-39009 · Med · Sep 1, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.

  • CVE-2022-34164 · Med · Aug 1, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338.

  • CVE-2022-22424 · Med · Jul 20, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597.

  • CVE-2020-4138 · Med · Jul 11, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049.

  • CVE-2022-22367 · Med · Jul 1, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.

  • CVE-2022-22478 · Med · Jun 30, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.

  • CVE-2022-22414 · Med · Jun 20, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026.

  • CVE-2022-22444 · Med · Jun 15, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444.

  • CVE-2022-22484 · Med · May 17, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker…
