VYPR

Vendor CVEs

IBM

All CVEs

8,257 total · sorted by risk
  • CVE-2025-1000MedMay 5, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.

  • CVE-2025-0915MedMay 5, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources.

  • CVE-2025-1992MedMay 5, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage.

  • CVE-2024-55913MedMay 2, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

  • CVE-2024-52903MedMay 1, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

  • CVE-2022-43852MedApr 14, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.

  • CVE-2025-0154MedApr 2, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.

  • CVE-2024-56476MedApr 2, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy.

  • CVE-2024-43186MedMar 29, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.

  • CVE-2024-47109MedMar 10, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system.

  • CVE-2023-43052MedMar 7, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests…

  • CVE-2024-41778MedMar 1, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

  • CVE-2024-22341MedFeb 22, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.

  • CVE-2024-49780MedFeb 20, 2025
    risk 0.34cvss 5.3epss 0.01

    IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file…

  • CVE-2024-49355MedFeb 20, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature.

  • CVE-2024-56473MedFeb 5, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers.

  • CVE-2024-45659MedFeb 4, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2023-37413MedJan 29, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.

  • CVE-2024-27263MedJan 28, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques.

  • CVE-2024-35150MedJan 25, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries.

  • CVE-2024-35144MedJan 25, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system.

  • CVE-2024-35134MedJan 25, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2024-35114MedJan 25, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.

  • CVE-2023-38716MedJan 25, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system.

  • CVE-2023-38714MedJan 25, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.

  • CVE-2023-38713MedJan 25, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.

  • CVE-2023-38013MedJan 25, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.

  • CVE-2023-38012MedJan 25, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary…

  • CVE-2024-40706MedJan 24, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.

  • CVE-2024-22348MedJan 20, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.

  • CVE-2024-49354MedJan 18, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls.

  • CVE-2024-47106MedJan 18, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system.

  • CVE-2024-45640MedJan 7, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system.

  • CVE-2024-52893MedJan 7, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3  could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2024-52367MedJan 7, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.

  • CVE-2024-39725MedDec 25, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2024-51471MedDec 19, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.

  • CVE-2023-30443MedDec 19, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.

  • CVE-2021-29827MedDec 19, 2024
    risk 0.34cvss 5.2epss 0.00

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch…

  • CVE-2024-41762MedDec 7, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

  • CVE-2024-37071MedDec 7, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.

  • CVE-2024-25035MedDec 3, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.

  • CVE-2023-26280MedNov 25, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.

  • CVE-2024-41761MedNov 23, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

  • CVE-2024-45642MedNov 14, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2024-41741MedNov 1, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system.

  • CVE-2024-31880MedOct 23, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.

  • CVE-2024-35136MedAug 14, 2024
    risk 0.34cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.

  • CVE-2024-31882MedAug 14, 2024
    risk 0.34cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: …

  • CVE-2023-50314MedAug 14, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. …

Page 84 of 166