VYPR

Vendor CVEs

IBM

All CVEs

8,278 total · sorted by risk
  • CVE-2023-40372MedOct 17, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.

  • CVE-2023-40374MedOct 16, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.

  • CVE-2023-38740MedOct 16, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.

  • CVE-2023-38728MedOct 16, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.

  • CVE-2023-38720MedOct 16, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.

  • CVE-2023-30987MedOct 16, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.

  • CVE-2023-40367MedOct 14, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376.

  • CVE-2023-30994MedOct 14, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

  • CVE-2023-43044MedSep 28, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893.

  • CVE-2022-22409MedSep 8, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.

  • CVE-2022-22402MedSep 8, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: …

  • CVE-2023-32332MedSep 8, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the…

  • CVE-2023-35011MedAug 16, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID:…

  • CVE-2023-35009MedAug 16, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703.

  • CVE-2023-22595MedJul 31, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2023-28530MedJul 22, 2023
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of…

  • CVE-2023-29256MedJul 10, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.

  • CVE-2023-23482MedJun 8, 2023
    risk 0.35cvss 5.4epss 0.01

    IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions…

  • CVE-2023-23480MedJun 8, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…

  • CVE-2023-33846MedJun 8, 2023
    risk 0.35cvss 5.4epss 0.01

    IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…

  • CVE-2023-24957MedMay 6, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus…

  • CVE-2022-43866MedMay 5, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2022-43919MedMay 5, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354.

  • CVE-2023-27864MedApr 28, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327.

  • CVE-2020-4729MedApr 28, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that…

  • CVE-2023-27559MedApr 26, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.

  • CVE-2023-2139MedApr 21, 2023
    risk 0.35cvss 5.4epss 0.00

    A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.

  • CVE-2022-33959MedApr 7, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320.

  • CVE-2023-26283MedApr 2, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2023-25924MedMar 22, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630.

  • CVE-2022-46774MedMar 15, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953.

  • CVE-2023-24975MedMar 10, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session…

  • CVE-2023-22860MedFeb 27, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI…

  • CVE-2023-22868MedFeb 17, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: …

  • CVE-2022-34350MedFeb 8, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the…

  • CVE-2022-47983MedFeb 1, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2022-41733MedJan 20, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted. IBM X-Force ID: 237583.

  • CVE-2022-22352MedJan 4, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2021-38928MedJan 4, 2023
    risk 0.35cvss 5.4epss 0.00

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM…

  • CVE-2022-22449MedDec 24, 2022
    risk 0.35cvss 5.3epss 0.01

    IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: …

  • CVE-2022-34318MedDec 12, 2022
    risk 0.35cvss 5.4epss 0.01

    IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against…

  • CVE-2021-38997MedDec 12, 2022
    risk 0.35cvss 5.4epss 0.00

    IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the…

  • CVE-2022-41735MedDec 7, 2022
    risk 0.35cvss 5.4epss 0.00

    IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…

  • CVE-2022-38390MedNov 17, 2022
    risk 0.35cvss 5.4epss 0.00

    Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2022-40753MedNov 15, 2022
    risk 0.35cvss 5.4epss 0.00

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2022-34317MedNov 14, 2022
    risk 0.35cvss 5.4epss 0.00

    IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459.

  • CVE-2022-34315MedNov 14, 2022
    risk 0.35cvss 5.4epss 0.00

    IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451.

  • CVE-2022-38705MedNov 14, 2022
    risk 0.35cvss 5.3epss 0.01

    IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172.

  • CVE-2022-34329MedNov 14, 2022
    risk 0.35cvss 5.3epss 0.01

    IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467.

  • CVE-2022-40750MedNov 11, 2022
    risk 0.35cvss 5.4epss 0.00

    IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. …

Page 49 of 166