IBM

All CVEs

8,256 total · sorted by risk
  • CVE-2021-39078 · Med · Apr 19, 2022
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589.

  • CVE-2021-38955 · Med · Mar 1, 2022
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.

  • CVE-2021-38882 · Med · Nov 16, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164.

  • CVE-2021-20434 · Med · Sep 23, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346.

  • CVE-2021-38899 · Med · Sep 20, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575.

  • CVE-2021-29752 · Med · Sep 16, 2021
    risk 0.29 · cvss 4.4 · epss 0.01

    IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Force ID: 201780.

  • CVE-2021-20505 · Med · Jul 29, 2021
    risk 0.29 · cvss 4.4 · epss 0.01

    The PowerVM Logical Partition Mobility (LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use…

  • CVE-2021-20510 · Med · Jul 15, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299.

  • CVE-2021-20500 · Med · Jul 15, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.

  • CVE-2021-29693 · Med · Jun 28, 2021
    risk 0.29 · cvss 4.4 · epss 0.01

    IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255.

  • CVE-2021-20567 · Med · Jun 16, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption. IBM X-Force ID: 199239.

  • CVE-2021-20491 · Med · Apr 16, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server…

  • CVE-2020-4890 · Med · Mar 16, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absence of rate limiting. IBM X-Force ID: 190973.

  • CVE-2020-4976 · Med · Mar 11, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.

  • CVE-2020-4604 · Med · Jan 13, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Guardium Insights 2.0.2 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 184861.

  • CVE-2020-4602 · Med · Jan 13, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Guardium Insights 2.0.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 184836.

  • CVE-2020-5021 · Med · Jan 8, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657.

  • CVE-2020-4606 · Med · Jan 8, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 184883.

  • CVE-2020-4918 · Med · Jan 4, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in self service console for the Platform System Manager. IBM X-Force ID: 191392.

  • CVE-2020-4913 · Med · Jan 4, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.

  • CVE-2019-4693 · Med · Aug 26, 2020
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 171831.

  • CVE-2020-4593 · Med · Aug 24, 2020
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Guardium Insights 2.0.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 184747.

  • CVE-2018-1985 · Med · Aug 24, 2020
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207.

  • CVE-2020-4498 · Med · Jul 27, 2020
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitive information due to inclusion of data within trace files. IBM X-Force ID: 182118.

  • CVE-2020-4414 · Med · Jul 1, 2020
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could…

  • CVE-2020-4191 · Med · Jun 4, 2020
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852.

  • CVE-2019-4617 · Med · Mar 16, 2020
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645.

  • CVE-2019-4406 · Med · Nov 25, 2019
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications. IBM X-Force ID: 162477.

  • CVE-2018-2025 · Med · Nov 25, 2019
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551.

  • CVE-2019-4243 · Med · Nov 22, 2019
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-Force ID: 159517.

  • CVE-2019-4572 · Med · Oct 14, 2019
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798.

  • CVE-2019-4284 · Med · Aug 5, 2019
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.

  • CVE-2019-4236 · Med · Jul 22, 2019
    risk 0.29 · cvss 4.4 · epss 0.00

    An IBM Spectrum Protect 7.1 client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow…

  • CVE-2019-4118 · Med · Jul 11, 2019
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144.

  • CVE-2019-4225 · Med · Jun 26, 2019
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.

  • CVE-2019-4152 · Med · Jun 25, 2019
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.

  • CVE-2019-4093 · Med · Apr 2, 2019
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Protect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981.

  • CVE-2018-1938 · Med · Mar 5, 2019
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318.

  • CVE-2018-1937 · Med · Mar 5, 2019
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317.

  • CVE-2017-1231 · Med · Oct 12, 2018
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 123910.

  • CVE-2018-1564 · Med · Jul 20, 2018
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968.

  • CVE-2018-1621 · Med · Jul 6, 2018
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.

  • CVE-2017-1795 · Med · Jul 6, 2018
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.

  • CVE-2017-1405 · Med · Jun 8, 2018
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392.

  • CVE-2017-1787 · Med · Mar 2, 2018
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.

  • CVE-2018-1368 · Med · Feb 9, 2018
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not…

  • CVE-2017-1336 · Med · Dec 7, 2017
    risk 0.29 · cvss 4.4 · epss 0.01

    IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244.

  • CVE-2017-1339 · Med · Oct 5, 2017
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum Protect client or administrator password which can result in information disclosure or a denial of…

  • CVE-2015-7418 · Med · Feb 8, 2017
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.

  • CVE-2016-3034 · Med · Feb 1, 2017
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.
