Vendor CVEs
IBM
All CVEs
8,256 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-39078 | Med | 0.29 | 4.4 | 0.00 | Apr 19, 2022 | IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589. | ||
| CVE-2021-38955 | Med | 0.29 | 4.4 | 0.00 | Mar 1, 2022 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825. | ||
| CVE-2021-38882 | Med | 0.29 | 4.4 | 0.00 | Nov 16, 2021 | IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164. | ||
| CVE-2021-20434 | Med | 0.29 | 4.4 | 0.00 | Sep 23, 2021 | IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346. | ||
| CVE-2021-38899 | Med | 0.29 | 4.4 | 0.00 | Sep 20, 2021 | IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575. | ||
| CVE-2021-29752 | Med | 0.29 | 4.4 | 0.01 | Sep 16, 2021 | IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Fporce ID: 201780. | ||
| CVE-2021-20505 | Med | 0.29 | 4.4 | 0.01 | Jul 29, 2021 | The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use… | ||
| CVE-2021-20510 | Med | 0.29 | 4.4 | 0.00 | Jul 15, 2021 | IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 | ||
| CVE-2021-20500 | Med | 0.29 | 4.4 | 0.00 | Jul 15, 2021 | IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. | ||
| CVE-2021-29693 | Med | 0.29 | 4.4 | 0.01 | Jun 28, 2021 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255. | ||
| CVE-2021-20567 | Med | 0.29 | 4.4 | 0.00 | Jun 16, 2021 | IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239. | ||
| CVE-2021-20491 | Med | 0.29 | 4.4 | 0.00 | Apr 16, 2021 | IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server… | ||
| CVE-2020-4890 | Med | 0.29 | 4.4 | 0.00 | Mar 16, 2021 | IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973. | ||
| CVE-2020-4976 | Med | 0.29 | 4.4 | 0.00 | Mar 11, 2021 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469. | ||
| CVE-2020-4604 | Med | 0.29 | 4.4 | 0.00 | Jan 13, 2021 | IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861. | ||
| CVE-2020-4602 | Med | 0.29 | 4.4 | 0.00 | Jan 13, 2021 | IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836. | ||
| CVE-2020-5021 | Med | 0.29 | 4.4 | 0.00 | Jan 8, 2021 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657. | ||
| CVE-2020-4606 | Med | 0.29 | 4.4 | 0.00 | Jan 8, 2021 | IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 184883. | ||
| CVE-2020-4918 | Med | 0.29 | 4.4 | 0.00 | Jan 4, 2021 | IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392. | ||
| CVE-2020-4913 | Med | 0.29 | 4.4 | 0.00 | Jan 4, 2021 | IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288. | ||
| CVE-2019-4693 | Med | 0.29 | 4.4 | 0.00 | Aug 26, 2020 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 171831. | ||
| CVE-2020-4593 | Med | 0.29 | 4.4 | 0.00 | Aug 24, 2020 | IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184747. | ||
| CVE-2018-1985 | Med | 0.29 | 4.4 | 0.00 | Aug 24, 2020 | IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207. | ||
| CVE-2020-4498 | Med | 0.29 | 4.4 | 0.00 | Jul 27, 2020 | IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118. | ||
| CVE-2020-4414 | Med | 0.29 | 4.4 | 0.00 | Jul 1, 2020 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could… | ||
| CVE-2020-4191 | Med | 0.29 | 4.4 | 0.00 | Jun 4, 2020 | IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852. | ||
| CVE-2019-4617 | Med | 0.29 | 4.4 | 0.00 | Mar 16, 2020 | IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645. | ||
| CVE-2019-4406 | Med | 0.29 | 4.4 | 0.00 | Nov 25, 2019 | IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications. IBM X-Force ID: 162477. | ||
| CVE-2018-2025 | Med | 0.29 | 4.4 | 0.00 | Nov 25, 2019 | IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551. | ||
| CVE-2019-4243 | Med | 0.29 | 4.4 | 0.00 | Nov 22, 2019 | IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-Force ID: 159517. | ||
| CVE-2019-4572 | Med | 0.29 | 4.4 | 0.00 | Oct 14, 2019 | IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798. | ||
| CVE-2019-4284 | Med | 0.29 | 4.4 | 0.00 | Aug 5, 2019 | IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512. | ||
| CVE-2019-4236 | Med | 0.29 | 4.4 | 0.00 | Jul 22, 2019 | A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow… | ||
| CVE-2019-4118 | Med | 0.29 | 4.4 | 0.00 | Jul 11, 2019 | IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144. | ||
| CVE-2019-4225 | Med | 0.29 | 4.4 | 0.00 | Jun 26, 2019 | IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242. | ||
| CVE-2019-4152 | Med | 0.29 | 4.4 | 0.00 | Jun 25, 2019 | IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515. | ||
| CVE-2019-4093 | Med | 0.29 | 4.4 | 0.00 | Apr 2, 2019 | IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981. | ||
| CVE-2018-1938 | Med | 0.29 | 4.4 | 0.00 | Mar 5, 2019 | IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318. | ||
| CVE-2018-1937 | Med | 0.29 | 4.4 | 0.00 | Mar 5, 2019 | IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317. | ||
| CVE-2017-1231 | Med | 0.29 | 4.4 | 0.00 | Oct 12, 2018 | IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910. | ||
| CVE-2018-1564 | Med | 0.29 | 4.4 | 0.00 | Jul 20, 2018 | IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968. | ||
| CVE-2018-1621 | Med | 0.29 | 4.4 | 0.00 | Jul 6, 2018 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346. | ||
| CVE-2017-1795 | Med | 0.29 | 4.4 | 0.00 | Jul 6, 2018 | IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042. | ||
| CVE-2017-1405 | Med | 0.29 | 4.4 | 0.00 | Jun 8, 2018 | IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392. | ||
| CVE-2017-1787 | Med | 0.29 | 4.4 | 0.00 | Mar 2, 2018 | IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022. | ||
| CVE-2018-1368 | Med | 0.29 | 4.4 | 0.00 | Feb 9, 2018 | IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not… | ||
| CVE-2017-1336 | Med | 0.29 | 4.4 | 0.01 | Dec 7, 2017 | IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244. | ||
| CVE-2017-1339 | Med | 0.29 | 4.4 | 0.00 | Oct 5, 2017 | IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of… | ||
| CVE-2015-7418 | Med | 0.29 | 4.4 | 0.00 | Feb 8, 2017 | IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information. | ||
| CVE-2016-3034 | Med | 0.29 | 4.4 | 0.00 | Feb 1, 2017 | IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. |
- risk 0.29cvss 4.4epss 0.00
IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589.
- risk 0.29cvss 4.4epss 0.00
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.
- risk 0.29cvss 4.4epss 0.00
IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164.
- risk 0.29cvss 4.4epss 0.00
IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346.
- risk 0.29cvss 4.4epss 0.00
IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575.
- risk 0.29cvss 4.4epss 0.01
IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Fporce ID: 201780.
- risk 0.29cvss 4.4epss 0.01
The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use…
- risk 0.29cvss 4.4epss 0.00
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299
- risk 0.29cvss 4.4epss 0.00
IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.
- risk 0.29cvss 4.4epss 0.01
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255.
- risk 0.29cvss 4.4epss 0.00
IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239.
- risk 0.29cvss 4.4epss 0.00
IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server…
- risk 0.29cvss 4.4epss 0.00
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973.
- risk 0.29cvss 4.4epss 0.00
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.
- risk 0.29cvss 4.4epss 0.00
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861.
- risk 0.29cvss 4.4epss 0.00
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836.
- risk 0.29cvss 4.4epss 0.00
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657.
- risk 0.29cvss 4.4epss 0.00
IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 184883.
- risk 0.29cvss 4.4epss 0.00
IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392.
- risk 0.29cvss 4.4epss 0.00
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.
- risk 0.29cvss 4.4epss 0.00
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 171831.
- risk 0.29cvss 4.4epss 0.00
IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184747.
- risk 0.29cvss 4.4epss 0.00
IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207.
- risk 0.29cvss 4.4epss 0.00
IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118.
- risk 0.29cvss 4.4epss 0.00
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could…
- risk 0.29cvss 4.4epss 0.00
IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852.
- risk 0.29cvss 4.4epss 0.00
IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645.
- risk 0.29cvss 4.4epss 0.00
IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications. IBM X-Force ID: 162477.
- risk 0.29cvss 4.4epss 0.00
IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551.
- risk 0.29cvss 4.4epss 0.00
IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-Force ID: 159517.
- risk 0.29cvss 4.4epss 0.00
IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798.
- risk 0.29cvss 4.4epss 0.00
IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.
- risk 0.29cvss 4.4epss 0.00
A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow…
- risk 0.29cvss 4.4epss 0.00
IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144.
- risk 0.29cvss 4.4epss 0.00
IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.
- risk 0.29cvss 4.4epss 0.00
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.
- risk 0.29cvss 4.4epss 0.00
IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981.
- risk 0.29cvss 4.4epss 0.00
IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318.
- risk 0.29cvss 4.4epss 0.00
IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317.
- risk 0.29cvss 4.4epss 0.00
IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.
- risk 0.29cvss 4.4epss 0.00
IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968.
- risk 0.29cvss 4.4epss 0.00
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.
- risk 0.29cvss 4.4epss 0.00
IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.
- risk 0.29cvss 4.4epss 0.00
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392.
- risk 0.29cvss 4.4epss 0.00
IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.
- risk 0.29cvss 4.4epss 0.00
IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not…
- risk 0.29cvss 4.4epss 0.01
IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244.
- risk 0.29cvss 4.4epss 0.00
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of…
- risk 0.29cvss 4.4epss 0.00
IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.
- risk 0.29cvss 4.4epss 0.00
IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.
Page 89 of 166