Vendor CVEs
IBM
All CVEs
8,257 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-1000 | Med | 0.34 | 5.3 | 0.00 | May 5, 2025 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting. | ||
| CVE-2025-0915 | Med | 0.34 | 5.3 | 0.00 | May 5, 2025 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources. | ||
| CVE-2025-1992 | Med | 0.34 | 5.3 | 0.00 | May 5, 2025 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage. | ||
| CVE-2024-55913 | Med | 0.34 | 5.3 | 0.00 | May 2, 2025 | IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||
| CVE-2024-52903 | Med | 0.34 | 5.3 | 0.00 | May 1, 2025 | IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||
| CVE-2022-43852 | Med | 0.34 | 5.3 | 0.00 | Apr 14, 2025 | IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system. | ||
| CVE-2025-0154 | Med | 0.34 | 5.3 | 0.00 | Apr 2, 2025 | IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers. | ||
| CVE-2024-56476 | Med | 0.34 | 5.3 | 0.00 | Apr 2, 2025 | IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy. | ||
| CVE-2024-43186 | Med | 0.34 | 5.3 | 0.00 | Mar 29, 2025 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions. | ||
| CVE-2024-47109 | Med | 0.34 | 5.3 | 0.00 | Mar 10, 2025 | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system. | ||
| CVE-2023-43052 | Med | 0.34 | 5.3 | 0.00 | Mar 7, 2025 | IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests… | ||
| CVE-2024-41778 | Med | 0.34 | 5.3 | 0.00 | Mar 1, 2025 | IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||
| CVE-2024-22341 | Med | 0.34 | 5.3 | 0.00 | Feb 22, 2025 | IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management. | ||
| CVE-2024-49780 | Med | 0.34 | 5.3 | 0.01 | Feb 20, 2025 | IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file… | ||
| CVE-2024-49355 | Med | 0.34 | 5.3 | 0.00 | Feb 20, 2025 | IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature. | ||
| CVE-2024-56473 | Med | 0.34 | 5.3 | 0.00 | Feb 5, 2025 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers. | ||
| CVE-2024-45659 | Med | 0.34 | 5.3 | 0.00 | Feb 4, 2025 | IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||
| CVE-2023-37413 | Med | 0.34 | 5.3 | 0.00 | Jan 29, 2025 | IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. | ||
| CVE-2024-27263 | Med | 0.34 | 5.3 | 0.00 | Jan 28, 2025 | IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques. | ||
| CVE-2024-35150 | Med | 0.34 | 5.3 | 0.00 | Jan 25, 2025 | IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. | ||
| CVE-2024-35144 | Med | 0.34 | 5.3 | 0.00 | Jan 25, 2025 | IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. | ||
| CVE-2024-35134 | Med | 0.34 | 5.3 | 0.00 | Jan 25, 2025 | IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||
| CVE-2024-35114 | Med | 0.34 | 5.3 | 0.00 | Jan 25, 2025 | IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. | ||
| CVE-2023-38716 | Med | 0.34 | 5.3 | 0.00 | Jan 25, 2025 | IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system. | ||
| CVE-2023-38714 | Med | 0.34 | 5.3 | 0.00 | Jan 25, 2025 | IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system. | ||
| CVE-2023-38713 | Med | 0.34 | 5.3 | 0.00 | Jan 25, 2025 | IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system. | ||
| CVE-2023-38013 | Med | 0.34 | 5.3 | 0.00 | Jan 25, 2025 | IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system. | ||
| CVE-2023-38012 | Med | 0.34 | 5.3 | 0.00 | Jan 25, 2025 | IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary… | ||
| CVE-2024-40706 | Med | 0.34 | 5.3 | 0.00 | Jan 24, 2025 | IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system. | ||
| CVE-2024-22348 | Med | 0.34 | 5.3 | 0.00 | Jan 20, 2025 | IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. | ||
| CVE-2024-49354 | Med | 0.34 | 5.3 | 0.00 | Jan 18, 2025 | IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls. | ||
| CVE-2024-47106 | Med | 0.34 | 5.3 | 0.00 | Jan 18, 2025 | IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system. | ||
| CVE-2024-45640 | Med | 0.34 | 5.3 | 0.00 | Jan 7, 2025 | IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system. | ||
| CVE-2024-52893 | Med | 0.34 | 5.3 | 0.00 | Jan 7, 2025 | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||
| CVE-2024-52367 | Med | 0.34 | 5.3 | 0.00 | Jan 7, 2025 | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. | ||
| CVE-2024-39725 | Med | 0.34 | 5.3 | 0.00 | Dec 25, 2024 | IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||
| CVE-2024-51471 | Med | 0.34 | 5.3 | 0.00 | Dec 19, 2024 | IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. | ||
| CVE-2023-30443 | Med | 0.34 | 5.3 | 0.00 | Dec 19, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. | ||
| CVE-2021-29827 | Med | 0.34 | 5.2 | 0.00 | Dec 19, 2024 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch… | ||
| CVE-2024-41762 | Med | 0.34 | 5.3 | 0.00 | Dec 7, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||
| CVE-2024-37071 | Med | 0.34 | 5.3 | 0.00 | Dec 7, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. | ||
| CVE-2024-25035 | Med | 0.34 | 5.3 | 0.00 | Dec 3, 2024 | IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks. | ||
| CVE-2023-26280 | Med | 0.34 | 5.3 | 0.00 | Nov 25, 2024 | IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control. | ||
| CVE-2024-41761 | Med | 0.34 | 5.3 | 0.00 | Nov 23, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||
| CVE-2024-45642 | Med | 0.34 | 5.3 | 0.00 | Nov 14, 2024 | IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||
| CVE-2024-41741 | Med | 0.34 | 5.3 | 0.00 | Nov 1, 2024 | IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. | ||
| CVE-2024-31880 | Med | 0.34 | 5.3 | 0.00 | Oct 23, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. | ||
| CVE-2024-35136 | Med | 0.34 | 5.3 | 0.01 | Aug 14, 2024 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307. | ||
| CVE-2024-31882 | Med | 0.34 | 5.3 | 0.01 | Aug 14, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: … | ||
| CVE-2023-50314 | Med | 0.34 | 5.3 | 0.00 | Aug 14, 2024 | IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. … |
- risk 0.34cvss 5.3epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.
- risk 0.34cvss 5.3epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources.
- risk 0.34cvss 5.3epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage.
- risk 0.34cvss 5.3epss 0.00
IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
- risk 0.34cvss 5.3epss 0.00
IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- risk 0.34cvss 5.3epss 0.00
IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.
- risk 0.34cvss 5.3epss 0.00
IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy.
- risk 0.34cvss 5.3epss 0.00
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
- risk 0.34cvss 5.3epss 0.00
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests…
- risk 0.34cvss 5.3epss 0.00
IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
- risk 0.34cvss 5.3epss 0.00
IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.
- risk 0.34cvss 5.3epss 0.01
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file…
- risk 0.34cvss 5.3epss 0.00
IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature.
- risk 0.34cvss 5.3epss 0.00
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers.
- risk 0.34cvss 5.3epss 0.00
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
- risk 0.34cvss 5.3epss 0.00
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques.
- risk 0.34cvss 5.3epss 0.00
IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries.
- risk 0.34cvss 5.3epss 0.00
IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.
- risk 0.34cvss 5.3epss 0.00
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary…
- risk 0.34cvss 5.3epss 0.00
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
- risk 0.34cvss 5.3epss 0.00
IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls.
- risk 0.34cvss 5.3epss 0.00
IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.
- risk 0.34cvss 5.3epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.
- risk 0.34cvss 5.2epss 0.00
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch…
- risk 0.34cvss 5.3epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- risk 0.34cvss 5.3epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.
- risk 0.34cvss 5.3epss 0.00
IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.
- risk 0.34cvss 5.3epss 0.00
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.
- risk 0.34cvss 5.3epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- risk 0.34cvss 5.3epss 0.00
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
- risk 0.34cvss 5.3epss 0.00
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system.
- risk 0.34cvss 5.3epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
- risk 0.34cvss 5.3epss 0.01
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.
- risk 0.34cvss 5.3epss 0.01
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: …
- risk 0.34cvss 5.3epss 0.00
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. …
Page 84 of 166