IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2017-1201 · High · Oct 5, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676.

  • CVE-2017-1362 · High · Sep 25, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 126801.

  • CVE-2017-1452 · High · Sep 12, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.

  • CVE-2017-1451 · High · Sep 12, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178.

  • CVE-2016-2972 · High · Aug 29, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855.

  • CVE-2015-0114 · High · Aug 28, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1.

  • CVE-2017-1469 · High · Aug 14, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468.

  • CVE-2017-1468 · High · Aug 2, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128467.

  • CVE-2017-1309 · High · Jul 19, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 125463.

  • CVE-2017-1297 · High · Jun 27, 2017
    risk 0.51 · cvss 7.3 · epss 0.01

    IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.

  • CVE-2017-1134 · High · Mar 20, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459.

  • CVE-2016-2880 · High · Mar 1, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.

  • CVE-2016-2879 · High · Mar 1, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.

  • CVE-2016-0214 · High · Feb 8, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to…

  • CVE-2017-1093 · High · Feb 2, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.

  • CVE-2016-9739 · High · Feb 1, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Security Identity Manager Virtual Appliance stores user credentials in clear text which can be read by a local user.

  • CVE-2016-6065 · High · Feb 1, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.

  • CVE-2016-5985 · High · Feb 1, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash.

  • CVE-2016-2946 · High · Dec 1, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to gain privileges via unspecified vectors.

  • CVE-2016-2871 · High · Nov 30, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file.

  • CVE-2016-2948 · High · Nov 30, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors.

  • CVE-2016-0328 · High · Oct 22, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors.

  • CVE-2016-0247 · High · Oct 22, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information.

  • CVE-2016-0287 · High · Jul 8, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors.

  • CVE-2016-0301 · High · Jun 26, 2016
    risk 0.51 · cvss 7.8 · epss 0.03

    Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279.

  • CVE-2016-0279 · High · Jun 26, 2016
    risk 0.51 · cvss 7.8 · epss 0.03

    Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301.

  • CVE-2016-0278 · High · Jun 26, 2016
    risk 0.51 · cvss 7.8 · epss 0.03

    Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301.

  • CVE-2016-0277 · High · Jun 26, 2016
    risk 0.51 · cvss 7.8 · epss 0.03

    Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301.

  • CVE-2016-0226 · High · Mar 28, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.

  • CVE-2015-7489 · High · Jan 1, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script.

  • CVE-2007-5544 · High · Oct 29, 2007
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus…

  • CVE-2003-0578 · High · Aug 18, 2003
    risk 0.51 · cvss 7.8 · epss 0.00

    cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.

  • CVE-1999-0022 · High · Jul 3, 1996
    risk 0.51 · cvss 7.8 · epss 0.01

    Local user gains root privileges via buffer overflow in rdist, via expstr() function.

  • CVE-2026-8856 · High · May 26, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.

  • CVE-2018-1649 · High · Oct 5, 2018
    risk 0.50 · cvss 7.7 · epss 0.03

    IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144655.

  • CVE-2018-1448 · High · Mar 22, 2018
    risk 0.50 · cvss 7.7 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043.

  • CVE-2016-0362 · High · Jul 1, 2016
    risk 0.50 · cvss 7.7 · epss 0.01

    IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy…

  • CVE-2016-0267 · High · Jun 29, 2016
    risk 0.50 · cvss 7.7 · epss 0.01

    IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request.

  • CVE-2015-7400 · High · Jan 2, 2016
    risk 0.50 · cvss 7.7 · epss 0.03

    The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  • CVE-2026-4870 · High · Jun 12, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser.

  • CVE-2026-8180 · High · May 27, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An…

  • CVE-2026-3366 · High · May 27, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot"…

  • CVE-2026-8854 · High · May 26, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache.

  • CVE-2026-8620 · High · May 26, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request.

  • CVE-2026-8850 · High · May 26, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.

  • CVE-2026-3621 · High · Apr 23, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.

  • CVE-2025-13855 · High · Apr 1, 2026
    risk 0.49 · cvss 7.6 · epss 0.00

    IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

  • CVE-2018-1647 · High · Oct 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. IBM X-Force ID: 144650.

  • CVE-2018-1785 · High · Sep 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.

  • CVE-2018-1545 · High · Sep 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.
