IBM

All CVEs

8,279 total · sorted by risk
  • CVE-2020-4224 · Med · Feb 3, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133.

  • CVE-2019-4335 · Med · Dec 30, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Watson Studio Local 1.2.3 stores key files in the user's home directory which could be obtained by another local user. IBM X-Force ID: 161413.

  • CVE-2019-4444 · Med · Dec 16, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453.

  • CVE-2019-15363 · Med · Nov 14, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the…

  • CVE-2019-4309 · Med · Oct 29, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035.

  • CVE-2019-4307 · Med · Oct 29, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 160987.

  • CVE-2019-4566 · Med · Sep 24, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 166627.

  • CVE-2019-4049 · Med · Aug 20, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.

  • CVE-2019-4275 · Med · Aug 2, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296.

  • CVE-2019-4116 · Med · Jul 25, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be used for further attacks against the system. IBM X-Force ID: 158115.

  • CVE-2019-4299 · Med · Jul 1, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.

  • CVE-2019-4101 · Med · Jul 1, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID:…

  • CVE-2019-4381 · Med · Jun 14, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159.

  • CVE-2019-4239 · Med · Jun 14, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 159465.

  • CVE-2019-4220 · Med · Jun 6, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.

  • CVE-2019-4039 · Med · May 23, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.

  • CVE-2019-4259 · Med · May 13, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.

  • CVE-2019-4143 · Med · Apr 8, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive information from the KMS plugin container log. IBM X-Force ID: 158348.

  • CVE-2018-1890 · Med · Mar 11, 2019
    risk 0.36 · cvss 5.6 · epss 0.00

    IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.

  • CVE-2018-1552 · Med · Nov 2, 2018
    risk 0.36 · cvss 5.5 · epss 0.03

    IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to…

  • CVE-2018-1783 · Med · Oct 5, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.

  • CVE-2018-1768 · Med · Sep 26, 2018
    risk 0.36 · cvss 5.6 · epss 0.00

    IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation; the user id and password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622.

  • CVE-2018-1685 · Med · Sep 21, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502.

  • CVE-2017-1679 · Med · Sep 10, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.

  • CVE-2018-1452 · Med · May 25, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047.

  • CVE-2018-1451 · Med · May 25, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046.

  • CVE-2018-1450 · Med · May 25, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045.

  • CVE-2018-1449 · Med · May 25, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044.

  • CVE-2013-4040 · Med · May 1, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force…

  • CVE-2016-0237 · Med · Mar 12, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Guardium Database Activity Monitor 10 allows local users to obtain sensitive information by reading cached browser data. IBM X-Force ID: 110328.

  • CVE-2017-1784 · Med · Jan 29, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.

  • CVE-2017-1693 · Med · Jan 19, 2018
    risk 0.36 · cvss 5.6 · epss 0.01

    IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another user's session during a small timeframe before the session times out. IBM X-Force ID: 134164.

  • CVE-2017-1596 · Med · Dec 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550.

  • CVE-2017-1595 · Med · Dec 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.

  • CVE-2017-1301 · Med · Oct 5, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various…

  • CVE-2017-1352 · Med · Sep 12, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.

  • CVE-2017-1441 · Med · Aug 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106.

  • CVE-2016-0354 · Med · Aug 29, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893.

  • CVE-2017-1207 · Med · Jul 5, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM WebSphere Message Broker stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123777.

  • CVE-2017-1349 · Med · Jun 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.

  • CVE-2017-1302 · Med · Jun 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user to view sensitive information due to improper access controls. IBM X-Force ID: 125456.

  • CVE-2016-5893 · Med · Jun 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.

  • CVE-2016-8939 · Med · Jun 7, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.

  • CVE-2016-6089 · Med · Jun 7, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.

  • CVE-2016-5960 · Med · Jun 7, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 116171.

  • CVE-2016-8916 · Med · May 5, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.

  • CVE-2016-8924 · Med · Apr 26, 2017
    risk 0.36 · cvss 5.6 · epss 0.01

    IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID:…

  • CVE-2016-9985 · Med · Mar 8, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

  • CVE-2016-8944 · Med · Feb 15, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.

  • CVE-2016-0203 · Med · Feb 8, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects to which the user belongs.
