IBM

All CVEs

8,256 total · sorted by risk
  • CVE-2023-43057 · Med · Nov 11, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484.

  • CVE-2023-35024 · Med · Oct 14, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus…

  • CVE-2023-40684 · Med · Oct 4, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2023-35905 · Med · Oct 4, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2022-43909 · Med · Aug 27, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: …

  • CVE-2023-25929 · Med · Jul 22, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2023-26274 · Med · Jun 27, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144.…

  • CVE-2022-43871 · Med · Apr 29, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…

  • CVE-2022-43914 · Med · Apr 7, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2022-43578 · Med · Feb 22, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading…

  • CVE-2023-25928 · Med · Feb 21, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2022-43579 · Med · Feb 17, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading…

  • CVE-2023-23475 · Med · Feb 8, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2022-34362 · Med · Feb 8, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session…

  • CVE-2023-22594 · Med · Jan 18, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2022-41740 · Med · Jan 5, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.

  • CVE-2022-46771 · Med · Dec 20, 2022
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the…

  • CVE-2022-22412 · Med · Jul 26, 2022
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. IBM X-Force ID: 223019.

  • CVE-2022-33953 · Med · Jun 24, 2022
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198.

  • CVE-2022-22434 · Med · May 5, 2022
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159.

  • CVE-2019-4351 · Med · Feb 16, 2022
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. IBM X-Force ID: 161493.

  • CVE-2020-4408 · Med · Jul 27, 2020
    risk 0.30 · cvss 4.6 · epss 0.00

    The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536.

  • CVE-2020-4353 · Med · Apr 23, 2020
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM MaaS360 6.82 could allow a user with physical access to the device to crash the application which may enable the user to access restricted applications and device settings. IBM X-Force ID: 178505.

  • CVE-2019-4735 · Med · Apr 23, 2020
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM MaaS360 3.96.62 for iOS could allow an attacker with physical access to the device to obtain sensitive information from the agent outside of the container. IBM X-Force ID: 172705.

  • CVE-2019-4216 · Med · Nov 22, 2019
    risk 0.30 · cvss 4.6 · epss 0.01

    IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187.

  • CVE-2018-1874 · Med · Apr 2, 2019
    risk 0.30 · cvss 4.6 · epss 0.00

    IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.

  • CVE-2018-1896 · Med · Dec 7, 2018
    risk 0.30 · cvss 4.6 · epss 0.01

    IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.

  • CVE-2016-5011 · Med · Apr 11, 2017
    risk 0.30 · cvss 4.6 · epss 0.00

    The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

  • CVE-2016-5933 · Med · Mar 8, 2017
    risk 0.30 · cvss 4.6 · epss 0.01

    IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.

  • CVE-2016-3004 · Med · Nov 30, 2016
    risk 0.30 · cvss 4.6 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications.

  • CVE-2015-2808 · Low · Apr 1, 2015
    risk 0.30 · cvss 3.7 · epss 0.74

    The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing…

  • CVE-2026-5516 · Med · May 27, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window.

  • CVE-2025-36187 · Med · Mar 25, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

  • CVE-2025-36105 · Med · Mar 10, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables.

  • CVE-2025-36000 · Med · Aug 12, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2024-38335 · Med · Jul 22, 2025
    risk 0.29 · cvss 4.5 · epss 0.00

    IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources.

  • CVE-2025-33104 · Med · May 14, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2024-7577 · Med · Mar 29, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.

  • CVE-2025-0986 · Med · Mar 28, 2025
    risk 0.29 · cvss 4.5 · epss 0.00

    IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor compatibility mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration.

  • CVE-2023-37412 · Med · Jan 29, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.

  • CVE-2023-33838 · Med · Jan 29, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.

  • CVE-2024-51457 · Med · Jan 22, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…

  • CVE-2024-49338 · Med · Jan 18, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0 and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.

  • CVE-2023-50956 · Med · Dec 18, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.

  • CVE-2024-49817 · Med · Dec 17, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.

  • CVE-2024-35117 · Med · Dec 11, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.

  • CVE-2023-46175 · Med · Sep 26, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file in clear text, which can be read by a privileged user.

  • CVE-2024-25052 · Med · Jun 13, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Jazz Reporting Service 7.0.3 stores user credentials in clear text, which can be read by an admin user. IBM X-Force ID: 283363.

  • CVE-2023-47717 · Med · May 16, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690.

  • CVE-2024-28775 · Med · May 1, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…
