IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2017-1794 · High · Sep 19, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.

  • CVE-2018-9068 · High · Jul 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier…

  • CVE-2013-2972 · High · Jul 11, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM X-Force ID: 83868.

  • CVE-2013-0589 · High · Jul 11, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371.

  • CVE-2013-3017 · High · Jul 9, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353.

  • CVE-2013-3001 · High · Jul 9, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127.

  • CVE-2018-1462 · High · May 17, 2018
    risk 0.49 · cvss 7.6 · epss 0.01

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access…

  • CVE-2018-1438 · High · May 17, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on…

  • CVE-2018-1433 · High · May 17, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from…

  • CVE-2017-1255 · High · May 2, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675.

  • CVE-2017-1473 · High · Apr 23, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.

  • CVE-2015-0172 · High · Apr 10, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927.

  • CVE-2018-1373 · High · Mar 2, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773.

  • CVE-2018-1388 · High · Feb 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.

  • CVE-2016-0312 · High · Feb 2, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486.

  • CVE-2017-1671 · High · Jan 9, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638.

  • CVE-2017-1598 · High · Dec 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611.

  • CVE-2017-1271 · High · Dec 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is…

  • CVE-2017-1583 · High · Oct 24, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13) could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF.

  • CVE-2017-1523 · High · Oct 24, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892.

  • CVE-2017-1375 · High · Oct 24, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126868.

  • CVE-2017-1210 · High · Oct 24, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850.

  • CVE-2017-1569 · High · Oct 3, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779.

  • CVE-2017-1577 · High · Sep 28, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.

  • CVE-2017-1162 · High · Sep 12, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957.

  • CVE-2017-1491 · High · Sep 5, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to…

  • CVE-2017-1118 · High · Aug 2, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow an attacker to cause the MQIPT to stop responding due to an incorrectly configured security policy. IBM X-Force ID: 121156.

  • CVE-2017-1460 · High · Jul 31, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379.

  • CVE-2017-1227 · High · Jul 31, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Tivoli Endpoint Manager could allow an unauthorized user to consume all resources and crash the system. IBM X-Force ID: 123906.

  • CVE-2017-1267 · High · Jul 21, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742.

  • CVE-2017-1224 · High · Jul 19, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903.

  • CVE-2017-1183 · High · Jul 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494.

  • CVE-2017-1182 · High · Jul 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.09

    IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123493.

  • CVE-2016-8951 · High · Jul 13, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that could log out users and flood user accounts with emails. IBM X-Force ID: 118838.

  • CVE-2017-1264 · High · Jul 5, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM Security Guardium 10.0 does not prove or insufficiently proves that the actor's identity is correct, which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739.

  • CVE-2016-9738 · High · Jun 27, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783.

  • CVE-2017-1379 · High · Jun 15, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002.

  • CVE-2017-1319 · High · Jun 8, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731.

  • CVE-2016-2930 · High · May 3, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512.

  • CVE-2016-3036 · High · Apr 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612.

  • CVE-2016-9740 · High · Mar 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556.

  • CVE-2016-9728 · High · Mar 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM QRadar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM Reference #: 1999543.

  • CVE-2016-5919 · High · Feb 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.

  • CVE-2016-9008 · High · Feb 1, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.

  • CVE-2016-8930 · High · Feb 1, 2017
    risk 0.49 · cvss 7.6 · epss 0.01

    IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

  • CVE-2016-8928 · High · Feb 1, 2017
    risk 0.49 · cvss 7.6 · epss 0.01

    IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

  • CVE-2016-8919 · High · Feb 1, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.

  • CVE-2016-6068 · High · Feb 1, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.

  • CVE-2016-2942 · High · Feb 1, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine.

  • CVE-2016-5958 · High · Feb 1, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this…
