VYPR · Vendor CVEs · IBM · All CVEs

8,287 total · sorted by risk
  • CVE-2016-3017 · High · Feb 1, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations.

  • CVE-2016-9879 · High · Jan 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker…

  • CVE-2015-3217 · High · Dec 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.06

    PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\.|([^\\W_])?)+)+$/.

  • CVE-2016-3012 · High · Dec 1, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials.

  • CVE-2016-2876 · High · Nov 30, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue.

  • CVE-2016-0319 · High · Nov 25, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in…

  • CVE-2016-6023 · High · Oct 6, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.

  • CVE-2016-5983 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.

  • CVE-2016-5986 · High · Oct 1, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-5996 · High · Sep 26, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length…

  • CVE-2016-5957 · High · Sep 26, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm.

  • CVE-2015-1977 · High · Jul 15, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before…

  • CVE-2016-2945 · High · Jul 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.

  • CVE-2016-2923 · High · Jul 7, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive…

  • CVE-2016-0260 · High · Jun 29, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors.

  • CVE-2016-0341 · High · May 15, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2015-8523 · High · Apr 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port.

  • CVE-2015-5042 · High · Feb 15, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file.

  • CVE-2015-5012 · High · Feb 15, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection…

  • CVE-2015-5010 · High · Feb 15, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

  • CVE-2015-7464 · High · Jan 29, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder server outage) via a crafted request to a Report Builder instance URL.

  • CVE-2015-7470 · High · Jan 17, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors, as demonstrated by login information.

  • CVE-2015-5038 · High · Jan 3, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) via a crafted XML…

  • CVE-2015-1916 · High · Jul 2, 2015
    risk 0.49 · cvss 7.5 · epss 0.03

    Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider.

  • CVE-2008-2122 · High · May 9, 2008
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets.

  • CVE-2007-3268 · High · Jul 18, 2007
    risk 0.49 · cvss 7.5 · epss 0.02

    The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a…

  • CVE-2005-4868 · High · Dec 31, 2005
    risk 0.49 · cvss 7.1 · epss 0.01

    Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.

  • CVE-2000-0497 · High · Jun 8, 2000
    risk 0.49 · cvss 7.5 · epss 0.03

    IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

  • CVE-2026-2713 · High · Mar 10, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    IBM Trusteer Rapport installer 3.5.2309.290 could allow a local attacker to execute arbitrary code on the system, caused by a DLL uncontrolled search path element vulnerability. By placing a specially crafted file in a compromised folder, an attacker could…

  • CVE-2018-1736 · High · Sep 27, 2018
    risk 0.48 · cvss 7.4 · epss 0.02

    IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to…

  • CVE-2018-1695 · High · Sep 6, 2018
    risk 0.48 · cvss 7.3 · epss 0.02

    IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769.

  • CVE-2018-1656 · High · Aug 20, 2018
    risk 0.48 · cvss 7.4 · epss 0.05

    The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.

  • CVE-2018-1458 · High · Jul 10, 2018
    risk 0.48 · cvss 7.4 · epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209.

  • CVE-2018-1431 · High · Jun 13, 2018
    risk 0.48 · cvss 7.4 · epss 0.00

    A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator…

  • CVE-2018-1515 · High · May 25, 2018
    risk 0.48 · cvss 7.4 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.

  • CVE-2014-0881 · High · Apr 25, 2018
    risk 0.48 · cvss 7.4 · epss 0.02

    The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146.

  • CVE-2015-5039 · High · Mar 26, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain…

  • CVE-2018-1426 · High · Mar 22, 2018
    risk 0.48 · cvss 7.4 · epss 0.03

    IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.

  • CVE-2017-1677 · High · Mar 22, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.

  • CVE-2017-1541 · High · Oct 4, 2017
    risk 0.48 · cvss 7.3 · epss 0.02

    A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809.

  • CVE-2017-1130 · Medium · Sep 5, 2017
    risk 0.48 · cvss 6.5 · epss 0.29

    IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes, which would cause the client to hang and have to be restarted. IBM X-Force ID: 121371.

  • CVE-2017-1129 · Medium · Sep 5, 2017
    risk 0.48 · cvss 6.5 · epss 0.30

    IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.

  • CVE-2017-1122 · High · Apr 20, 2017
    risk 0.48 · cvss 7.4 · epss 0.00

    IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174.

  • CVE-2017-1161 · High · Apr 17, 2017
    risk 0.48 · cvss 7.3 · epss 0.01

    IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the…

  • CVE-2016-5934 · High · Feb 8, 2017
    risk 0.48 · cvss 7.3 · epss 0.01

    IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the…

  • CVE-2016-6042 · High · Feb 1, 2017
    risk 0.48 · cvss 7.3 · epss 0.03

    IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary…

  • CVE-2016-2936 · High · Nov 30, 2016
    risk 0.48 · cvss 7.3 · epss 0.01

    IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors.

  • CVE-2016-0340 · High · Jul 15, 2016
    risk 0.48 · cvss 7.4 · epss 0.01

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation.

  • CVE-2016-0330 · High · Jul 15, 2016
    risk 0.48 · cvss 7.3 · epss 0.01

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by leveraging an attack against the password algorithm.

  • CVE-2015-7428 · High · Feb 29, 2016
    risk 0.48 · cvss 7.4 · epss 0.01

    Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

Page 9 of 166