IBM

All CVEs

8,257 total · sorted by risk
  • CVE-2023-50315 · Med · Aug 14, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714.

  • CVE-2024-38321 · Med · Aug 3, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.

  • CVE-2022-32759 · Med · Jul 25, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 use insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.

  • CVE-2023-33860 · Med · Jul 10, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the…

  • CVE-2023-33859 · Med · Jul 10, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697.

  • CVE-2024-35119 · Med · Jun 30, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342.

  • CVE-2024-38322 · Med · Jun 28, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869.

  • CVE-2024-31883 · Med · Jun 27, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615.

  • CVE-2023-29267 · Med · Jun 12, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.

  • CVE-2024-28762 · Med · Jun 12, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246.

  • CVE-2024-31878 · Med · Jun 7, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538.

  • CVE-2023-27283 · Med · May 4, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545.

  • CVE-2022-22364 · Med · May 3, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP…

  • CVE-2023-28952 · Med · May 3, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463.

  • CVE-2021-20556 · Med · May 3, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.

  • CVE-2023-50313 · Med · Apr 2, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.

  • CVE-2023-50959 · Med · Mar 31, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system…

  • CVE-2022-32751 · Med · Mar 22, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437.

  • CVE-2023-45177 · Med · Mar 20, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066.

  • CVE-2023-25681 · Med · Mar 5, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single…

  • CVE-2023-38362 · Med · Mar 4, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814.

  • CVE-2022-43890 · Med · Mar 4, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453.

  • CVE-2023-50312 · Med · Mar 1, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.

  • CVE-2023-50324 · Med · Mar 1, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details in the X-AspNet-Version Response Header that could allow an attacker to obtain information about the application environment to conduct further attacks. IBM X-Force ID: 275038.

  • CVE-2023-30996 · Med · Feb 26, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290.

  • CVE-2023-46186 · Med · Feb 14, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929.

  • CVE-2023-46183 · Med · Feb 6, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695.

  • CVE-2023-33851 · Med · Feb 4, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135.

  • CVE-2023-47148 · Med · Feb 2, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599.

  • CVE-2023-50934 · Med · Feb 2, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114.

  • CVE-2023-50940 · Med · Feb 2, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.

  • CVE-2023-50327 · Med · Feb 2, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109.

  • CVE-2023-47741 · Med · Dec 18, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this…

  • CVE-2022-43889 · Med · Oct 17, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240452.

  • CVE-2022-22386 · Med · Oct 17, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the…

  • CVE-2021-20581 · Med · Oct 17, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 199324.

  • CVE-2022-22377 · Med · Oct 17, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the…

  • CVE-2023-33836 · Med · Oct 16, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.

  • CVE-2022-43868 · Med · Oct 14, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445.

  • CVE-2022-33161 · Med · Oct 14, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2023-43058 · Med · Oct 6, 2023
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.

  • CVE-2023-40376 · Med · Oct 4, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581.

  • CVE-2023-35906 · Med · Sep 5, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Aspera Faspex 5.0.5 could allow a remote attacker to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.

  • CVE-2023-26272 · Med · Aug 28, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the…

  • CVE-2023-26271 · Med · Aug 28, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126.

  • CVE-2023-24959 · Med · Aug 28, 2023
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.

  • CVE-2023-23473 · Med · Aug 28, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400.

  • CVE-2023-30437 · Med · Aug 27, 2023
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293.

  • CVE-2023-27877 · Med · Jul 19, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.

  • CVE-2023-26026 · Med · Jul 19, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.
