IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2018-1789 · High · Sep 7, 2018
    risk 0.55 · cvss 8.4 · epss 0.01

    IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.

  • CVE-2018-1566 · High · Jul 10, 2018
    risk 0.55 · cvss 8.4 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.

  • CVE-2018-1487 · High · Jul 10, 2018
    risk 0.55 · cvss 8.4 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID:…

  • CVE-2018-1460 · High · Jun 15, 2018
    risk 0.55 · cvss 8.4 · epss 0.01

    IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211.

  • CVE-2017-1350 · High · Jun 5, 2018
    risk 0.55 · cvss 8.4 · epss 0.00

    IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526.

  • CVE-2018-1565 · High · May 25, 2018
    risk 0.55 · cvss 8.4 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.

  • CVE-2018-1544 · High · May 25, 2018
    risk 0.55 · cvss 8.4 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.

  • CVE-2018-1488 · High · May 25, 2018
    risk 0.55 · cvss 8.4 · epss 0.01

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973.

  • CVE-2016-9976 · High · May 3, 2017
    risk 0.55 · cvss 8.4 · epss 0.02

    IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.

  • CVE-2016-9727 · High · Mar 7, 2017
    risk 0.55 · cvss 8.5 · epss 0.02

    IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542.

  • CVE-2016-2988 · High · Nov 25, 2016
    risk 0.55 · cvss 8.5 · epss 0.01

    IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by…

  • CVE-2016-0392 · High · Jun 19, 2016
    risk 0.55 · cvss 8.4 · epss 0.01

    IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a…

  • CVE-2015-7430 · High · Jan 2, 2016
    risk 0.55 · cvss 8.4 · epss 0.01

    The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors.

  • CVE-2015-7429 · High · Jan 2, 2016
    risk 0.55 · cvss 8.5 · epss 0.01

    The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1…

  • CVE-2017-1289 · High · May 22, 2017
    risk 0.54 · cvss 8.2 · epss 0.04

    IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.

  • CVE-2016-8972 · High · Feb 15, 2017
    risk 0.54 · cvss 7.8 · epss 0.01

    IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.

  • CVE-2016-6079 · High · Feb 15, 2017
    risk 0.54 · cvss 7.8 · epss 0.02

    IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.

  • CVE-2016-3053 · High · Feb 1, 2017
    risk 0.54 · cvss 7.8 · epss 0.02

    IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.

  • CVE-2026-8855 · High · May 26, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).

  • CVE-2026-4101 · High · Apr 1, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 under certain load conditions could allow an attacker…

  • CVE-2025-0248 · High · Nov 25, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. A remote, unauthenticated attacker can specially craft a URL to execute script in a victim's Web browser within the security context of the…

  • CVE-2024-23733 · High · Jan 29, 2025
    risk 0.53 · cvss 7.5 · epss 0.02

    The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank…

  • CVE-2018-1756 · High · Sep 7, 2018
    risk 0.53 · cvss 7.5 · epss 0.11

    IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM X-Force ID: 148599.

  • CVE-2013-3023 · High · May 24, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.

  • CVE-2014-0927 · High · Apr 20, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259.

  • CVE-2016-0235 · High · Mar 12, 2018
    risk 0.53 · cvss 8.2 · epss 0.00

    IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326.

  • CVE-2018-1417 · High · Feb 22, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.

  • CVE-2018-1364 · High · Jan 29, 2018
    risk 0.53 · cvss 8.2 · epss 0.02

    IBM Content Navigator 2.0 and 3.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449.

  • CVE-2016-2983 · High · Jan 26, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999.

  • CVE-2017-1666 · High · Jan 9, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 133540.

  • CVE-2017-1694 · High · Dec 20, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    IBM Integration Bus 9.0 and 10.0 transmits user credentials in clear text, which can be read by an attacker using man-in-the-middle techniques. IBM X-Force ID: 134165.

  • CVE-2017-1477 · High · Nov 13, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    IBM Security Access Manager Appliance 9.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612.

  • CVE-2017-1527 · High · Sep 26, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156.

  • CVE-2017-1458 · High · Sep 5, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    IBM QRadar Network Security 5.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377.

  • CVE-2017-1192 · High · Aug 10, 2017
    risk 0.53 · cvss 8.2 · epss 0.02

    IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663.

  • CVE-2017-3752 · High · Aug 9, 2017
    risk 0.53 · cvss 8.2 · epss 0.00

    An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of…

  • CVE-2017-1467 · High · Aug 2, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466.

  • CVE-2016-9981 · High · Aug 2, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257.

  • CVE-2017-1337 · High · Jul 10, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.

  • CVE-2017-1322 · High · Jun 27, 2017
    risk 0.53 · cvss 8.2 · epss 0.02

    IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918.

  • CVE-2016-9698 · High · Jun 8, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory…

  • CVE-2016-6098 · High · Jun 8, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

  • CVE-2017-1137 · High · May 10, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.

  • CVE-2017-1103 · High · May 10, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM…

  • CVE-2017-1149 · High · Apr 25, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available…

  • CVE-2016-9707 · High · Mar 31, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM…

  • CVE-2017-1151 · High · Mar 20, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.

  • CVE-2016-9724 · High · Mar 7, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM…

  • CVE-2016-8974 · High · Feb 23, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory…

  • CVE-2016-6105 · High · Feb 1, 2017
    risk 0.53 · cvss 8.2 · epss 0.02

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.

Page 5 of 166