VYPR

Vendor CVEs

IBM

All CVEs

8,257 total · sorted by risk
  • CVE-2023-33857 · Med · Jul 17, 2023
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695.

  • CVE-2022-33163 · Med · Jun 15, 2023
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571.

  • CVE-2022-33159 · Med · Jun 15, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.

  • CVE-2023-27860 · Med · Apr 27, 2023
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207.

  • CVE-2022-41734 · Med · Feb 17, 2023
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587.

  • CVE-2022-43922 · Med · Feb 1, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.

  • CVE-2022-22457 · Med · Dec 22, 2022
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007.

  • CVE-2022-43872 · Med · Dec 20, 2022
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.

  • CVE-2022-43887 · Med · Dec 19, 2022
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.

  • CVE-2022-43900 · Med · Dec 1, 2022
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827.

  • CVE-2022-38710 · Med · Nov 3, 2022
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information to an unauthorized control sphere that could aid in further attacks against the system. IBM X-Force ID: 234292.

  • CVE-2022-36774 · Med · Oct 6, 2022
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575.

  • CVE-2021-39020 · Med · May 5, 2022
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855.

  • CVE-2021-39025 · Med · Mar 10, 2022
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force ID: 213863.

  • CVE-2021-39021 · Med · Feb 2, 2022
    risk 0.34 · cvss 5.3 · epss 0.01

    IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856.

  • CVE-2021-20349 · Med · Aug 9, 2021
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 194599.

  • CVE-2020-4791 · Med · Feb 9, 2021
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using man in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379.

  • CVE-2019-4687 · Med · Jan 13, 2021
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823.

  • CVE-2020-4740 · Med · Oct 12, 2020
    risk 0.34 · cvss 5.2 · epss 0.01

    IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 188150.

  • CVE-2020-4699 · Med · Oct 12, 2020
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.

  • CVE-2020-4661 · Med · Oct 12, 2020
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.

  • CVE-2020-4660 · Med · Oct 12, 2020
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.

  • CVE-2019-4686 · Med · Aug 26, 2020
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie…

  • CVE-2019-4703 · Med · Feb 24, 2020
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information.

  • CVE-2019-4133 · Med · Aug 29, 2019
    risk 0.34 · cvss 5.2 · epss 0.00

    IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278.

  • CVE-2019-4439 · Med · Jul 25, 2019
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949.

  • CVE-2014-0841 · Med · Apr 27, 2018
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704.

  • CVE-2017-1720 · Med · Feb 13, 2018
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.

  • CVE-2017-1170 · Med · Apr 26, 2017
    risk 0.34 · cvss 5.3 · epss 0.00

    IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.

  • CVE-2016-6026 · Med · Oct 6, 2016
    risk 0.34 · cvss 5.3 · epss 0.00

    The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.

  • CVE-2026-2607 · Med · May 27, 2026
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM MQ Operator SC2: v3.2.0 through 3.2.23; CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1; LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1,…

  • CVE-2026-0977 · Med · Mar 16, 2026
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls.

  • CVE-2025-13491 · Med · Feb 5, 2026
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.

  • CVE-2025-36158 · Med · Nov 20, 2025
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying.

  • CVE-2025-36136 · Med · Nov 7, 2025
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific…

  • CVE-2023-50300 · Med · Oct 1, 2025
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.

  • CVE-2025-36100 · Med · Sep 7, 2025
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can…

  • CVE-2025-1993 · Med · May 9, 2025
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by…

  • CVE-2024-45657 · Med · Feb 4, 2025
    risk 0.33 · cvss 5.0 · epss 0.00

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.

  • CVE-2024-41781 · Med · Nov 22, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10) functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains…

  • CVE-2024-22326 · Med · Jun 6, 2024
    risk 0.33 · cvss 5.0 · epss 0.00

    IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: 279518.

  • CVE-2023-38002 · Med · Apr 30, 2024
    risk 0.33 · cvss 5.0 · epss 0.00

    IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.

  • CVE-2024-26847 · Med · Apr 17, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: …

  • CVE-2023-43043 · Med · Mar 13, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875.

  • CVE-2023-50305 · Med · Mar 1, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.

  • CVE-2024-22337 · Med · Feb 17, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.

  • CVE-2024-22336 · Med · Feb 17, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.

  • CVE-2024-22335 · Med · Feb 17, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975.

  • CVE-2023-45190 · Med · Feb 9, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting,…

  • CVE-2023-31002 · Med · Feb 7, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.
