IBM

All CVEs

8,258 total · sorted by risk
  • CVE-2023-31002 · Med · Feb 7, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.

  • CVE-2023-31001 · Med · Jan 11, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.

  • CVE-2022-22380 · Med · Oct 17, 2023
    risk 0.33 · cvss 5.0 · epss 0.00

    IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity due to improperly validating certificates. IBM X-Force ID: 221957.

  • CVE-2023-38719 · Med · Oct 17, 2023
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607.

  • CVE-2023-29261 · Med · Sep 5, 2023
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.

  • CVE-2023-32338 · Med · Sep 5, 2023
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

  • CVE-2023-35890 · Med · Jul 7, 2023
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.

  • CVE-2023-23468 · Med · Jun 27, 2023
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.

  • CVE-2023-28950 · Med · May 19, 2023
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.

  • CVE-2022-43877 · Med · May 6, 2023
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148.

  • CVE-2023-27555 · Med · Apr 28, 2023
    risk 0.33 · cvss 5.1 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187.

  • CVE-2022-38391 · Med · Dec 20, 2022
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.

  • CVE-2022-35719 · Med · Nov 14, 2022
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user.

  • CVE-2021-39027 · Med · May 6, 2022
    risk 0.33 · cvss 5.0 · epss 0.00

    IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force…

  • CVE-2003-5003 · Med · Mar 28, 2022
    risk 0.33 · cvss 5.0 · epss 0.00

    A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to…

  • CVE-2021-29763 · Med · Sep 16, 2021
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5, under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. IBM X-Force ID: 202267.

  • CVE-2018-1787 · Med · Apr 8, 2019
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vulnerability caused by insecure file permissions. IBM X-Force ID: 148872.

  • CVE-2018-1944 · Med · Feb 21, 2019
    risk 0.33 · cvss 5.1 · epss 0.01

    IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of…

  • CVE-2018-1959 · Med · Jan 24, 2019
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633.

  • CVE-2018-1677 · Med · Dec 20, 2018
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID:…

  • CVE-2018-1901 · Med · Dec 12, 2018
    risk 0.33 · cvss 5.0 · epss 0.01

    IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. IBM X-Force ID: 152530.

  • CVE-2018-1672 · Med · Oct 1, 2018
    risk 0.33 · cvss 5.0 · epss 0.01

    IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.

  • CVE-2018-1800 · Med · Sep 20, 2018
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring. IBM X-Force ID: 149607.

  • CVE-2017-1575 · Med · Jul 20, 2018
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032.

  • CVE-2018-1447 · Med · Apr 4, 2018
    risk 0.33 · cvss 5.1 · epss 0.01

    The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer…

  • CVE-2017-1571 · Med · Mar 22, 2018
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.

  • CVE-2018-1362 · Med · Jan 19, 2018
    risk 0.33 · cvss 5.0 · epss 0.01

    IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380.

  • CVE-2017-1340 · Med · Nov 1, 2017
    risk 0.33 · cvss 5.0 · epss 0.01

    IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.

  • CVE-2016-5894 · Med · Mar 8, 2017
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.

  • CVE-2016-6040 · Med · Feb 1, 2017
    risk 0.33 · cvss 5.0 · epss 0.01

    IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.

  • CVE-2016-0318 · Med · Nov 25, 2016
    risk 0.33 · cvss 5.0 · epss 0.01

    Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.

  • CVE-2016-0252 · Med · Jul 8, 2016
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors.

  • CVE-2016-0641 · Med · Apr 21, 2016
    risk 0.33 · cvss 5.1 · epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.

  • CVE-2015-2007 · Med · Jan 3, 2016
    risk 0.33 · cvss 5.0 · epss 0.01

    Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL.

  • CVE-2015-4996 · Med · Jan 2, 2016
    risk 0.33 · cvss 5.1 · epss 0.00

    IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.

  • CVE-2014-3566 · Low · Oct 15, 2014
    risk 0.33 · cvss 3.4 · epss 1.00

    The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

  • CVE-2026-4917 · Med · Apr 23, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.

  • CVE-2026-1274 · Med · Apr 23, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel.

  • CVE-2025-36171 · Med · Oct 9, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.

  • CVE-2025-36262 · Med · Sep 30, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.

  • CVE-2025-36099 · Med · Sep 29, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources.

  • CVE-2024-52894 · Med · Jul 29, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted…

  • CVE-2025-25029 · Med · May 28, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input.

  • CVE-2025-25023 · Med · Apr 9, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment.

  • CVE-2024-45100 · Med · Jan 7, 2025
    risk 0.32 · cvss 4.9 · epss 0.01

    IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.

  • CVE-2024-49816 · Med · Dec 17, 2024
    risk 0.32 · cvss 4.9 · epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

  • CVE-2023-50310 · Med · Oct 23, 2024
    risk 0.32 · cvss 4.9 · epss 0.00

    IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

  • CVE-2024-43188 · Med · Sep 18, 2024
    risk 0.32 · cvss 4.9 · epss 0.00

    IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation.

  • CVE-2024-40704 · Med · Aug 15, 2024
    risk 0.32 · cvss 4.9 · epss 0.01

    IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277.

  • CVE-2024-28793 · Med · May 28, 2024
    risk 0.32 · cvss 4.9 · epss 0.00

    IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

Page 87 of 166