Vendor CVEs
IBM
All CVEs
8,253 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5991 | Med | 0.29 | 4.5 | 0.00 | Nov 25, 2016 | IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors. | ||
| CVE-2015-7462 | Med | 0.29 | 4.4 | 0.00 | Jun 19, 2016 | IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program. | ||
| CVE-2015-2008 | Med | 0.29 | 4.4 | 0.01 | Feb 15, 2016 | IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive. | ||
| CVE-1999-0524 | Med | 0.29 | 4.0 | 0.32 | Aug 1, 1997 | ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | ||
| CVE-2026-1248 | Med | 0.28 | 4.3 | 0.00 | May 27, 2026 | IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages. | ||
| CVE-2025-36220 | Med | 0.28 | 4.3 | 0.00 | May 26, 2026 | IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in… | ||
| CVE-2026-4820 | Med | 0.28 | 4.3 | 0.00 | Apr 1, 2026 | IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie… | ||
| CVE-2026-2484 | Med | 0.28 | 4.3 | 0.00 | Mar 25, 2026 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages | ||
| CVE-2024-40685 | Med | 0.28 | 4.3 | 0.00 | Feb 4, 2026 | IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions. | ||
| CVE-2025-36090 | Med | 0.28 | 4.3 | 0.00 | Jul 10, 2025 | IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message. | ||
| CVE-2025-2670 | Med | 0.28 | 4.3 | 0.00 | Jul 9, 2025 | IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related… | ||
| CVE-2025-1112 | Med | 0.28 | 4.3 | 0.00 | Jul 9, 2025 | IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users. | ||
| CVE-2025-27369 | Med | 0.28 | 4.3 | 0.00 | Jul 8, 2025 | IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information… | ||
| CVE-2025-2827 | Med | 0.28 | 4.3 | 0.00 | Jul 8, 2025 | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system. | ||
| CVE-2025-36026 | Med | 0.28 | 4.3 | 0.00 | Jun 28, 2025 | IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to… | ||
| CVE-2025-3629 | Med | 0.28 | 4.3 | 0.00 | Jun 21, 2025 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management. | ||
| CVE-2024-54172 | Med | 0.28 | 4.3 | 0.00 | Jun 18, 2025 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||
| CVE-2024-56343 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request. | ||
| CVE-2024-56342 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||
| CVE-2024-51453 | Med | 0.28 | 4.3 | 0.00 | May 28, 2025 | IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||
| CVE-2025-25026 | Med | 0.28 | 4.3 | 0.00 | May 28, 2025 | IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check. | ||
| CVE-2025-25025 | Med | 0.28 | 4.3 | 0.00 | May 28, 2025 | IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||
| CVE-2025-1138 | Med | 0.28 | 4.3 | 0.00 | May 15, 2025 | IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. | ||
| CVE-2025-1495 | Med | 0.28 | 4.3 | 0.00 | May 3, 2025 | IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation. | ||
| CVE-2025-25045 | Med | 0.28 | 4.3 | 0.00 | Apr 23, 2025 | IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system. | ||
| CVE-2022-43840 | Med | 0.28 | 4.3 | 0.00 | Apr 14, 2025 | IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document. | ||
| CVE-2024-51461 | Med | 0.28 | 4.3 | 0.00 | Apr 11, 2025 | IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources. | ||
| CVE-2024-56474 | Med | 0.28 | 4.3 | 0.00 | Apr 2, 2025 | IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||
| CVE-2024-51477 | Med | 0.28 | 4.3 | 0.00 | Mar 29, 2025 | IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy. | ||
| CVE-2024-52362 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2025 | IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow… | ||
| CVE-2024-49779 | Med | 0.28 | 4.3 | 0.00 | Feb 20, 2025 | IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another… | ||
| CVE-2024-49344 | Med | 0.28 | 4.3 | 0.00 | Feb 20, 2025 | IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout. | ||
| CVE-2024-43196 | Med | 0.28 | 4.3 | 0.00 | Feb 20, 2025 | IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses. | ||
| CVE-2024-54176 | Med | 0.28 | 4.3 | 0.00 | Feb 8, 2025 | IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due… | ||
| CVE-2024-49800 | Med | 0.28 | 4.3 | 0.00 | Feb 6, 2025 | IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. | ||
| CVE-2024-49798 | Med | 0.28 | 4.3 | 0.00 | Feb 6, 2025 | IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||
| CVE-2024-49795 | Med | 0.28 | 4.3 | 0.00 | Feb 6, 2025 | IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||
| CVE-2024-49794 | Med | 0.28 | 4.3 | 0.00 | Feb 6, 2025 | IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||
| CVE-2024-38316 | Med | 0.28 | 4.3 | 0.00 | Feb 5, 2025 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. | ||
| CVE-2024-49348 | Med | 0.28 | 4.3 | 0.00 | Feb 5, 2025 | IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned… | ||
| CVE-2024-45089 | Med | 0.28 | 4.3 | 0.00 | Jan 31, 2025 | IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy. | ||
| CVE-2023-38739 | Med | 0.28 | 4.3 | 0.00 | Jan 31, 2025 | IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||
| CVE-2024-22316 | Med | 0.28 | 4.3 | 0.00 | Jan 27, 2025 | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. | ||
| CVE-2023-47159 | Med | 0.28 | 4.3 | 0.00 | Jan 27, 2025 | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. | ||
| CVE-2024-35113 | Med | 0.28 | 4.3 | 0.00 | Jan 25, 2025 | IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. | ||
| CVE-2024-35111 | Med | 0.28 | 4.3 | 0.00 | Jan 25, 2025 | IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||
| CVE-2023-38271 | Med | 0.28 | 4.3 | 0.00 | Jan 25, 2025 | IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files. | ||
| CVE-2024-45654 | Med | 0.28 | 4.3 | 0.00 | Jan 19, 2025 | IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs. | ||
| CVE-2024-45653 | Med | 0.28 | 4.3 | 0.00 | Jan 19, 2025 | IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system. | ||
| CVE-2024-25037 | Med | 0.28 | 4.3 | 0.01 | Jan 7, 2025 | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. |
- risk 0.29cvss 4.5epss 0.00
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.
- risk 0.29cvss 4.4epss 0.00
IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.
- risk 0.29cvss 4.4epss 0.01
IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive.
- risk 0.29cvss 4.0epss 0.32
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
- risk 0.28cvss 4.3epss 0.00
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages.
- risk 0.28cvss 4.3epss 0.00
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in…
- risk 0.28cvss 4.3epss 0.00
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie…
- risk 0.28cvss 4.3epss 0.00
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages
- risk 0.28cvss 4.3epss 0.00
IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions.
- risk 0.28cvss 4.3epss 0.00
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message.
- risk 0.28cvss 4.3epss 0.00
IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related…
- risk 0.28cvss 4.3epss 0.00
IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.
- risk 0.28cvss 4.3epss 0.00
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information…
- risk 0.28cvss 4.3epss 0.00
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.
- risk 0.28cvss 4.3epss 0.00
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to…
- risk 0.28cvss 4.3epss 0.00
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.
- risk 0.28cvss 4.3epss 0.00
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
- risk 0.28cvss 4.3epss 0.00
IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.
- risk 0.28cvss 4.3epss 0.00
IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
- risk 0.28cvss 4.3epss 0.00
IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
- risk 0.28cvss 4.3epss 0.00
IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check.
- risk 0.28cvss 4.3epss 0.00
IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
- risk 0.28cvss 4.3epss 0.00
IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.
- risk 0.28cvss 4.3epss 0.00
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.
- risk 0.28cvss 4.3epss 0.00
IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.
- risk 0.28cvss 4.3epss 0.00
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.
- risk 0.28cvss 4.3epss 0.00
IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.
- risk 0.28cvss 4.3epss 0.00
IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
- risk 0.28cvss 4.3epss 0.00
IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy.
- risk 0.28cvss 4.3epss 0.00
IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow…
- risk 0.28cvss 4.3epss 0.00
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another…
- risk 0.28cvss 4.3epss 0.00
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.
- risk 0.28cvss 4.3epss 0.00
IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses.
- risk 0.28cvss 4.3epss 0.00
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due…
- risk 0.28cvss 4.3epss 0.00
IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user.
- risk 0.28cvss 4.3epss 0.00
IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
- risk 0.28cvss 4.3epss 0.00
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
- risk 0.28cvss 4.3epss 0.00
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
- risk 0.28cvss 4.3epss 0.00
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
- risk 0.28cvss 4.3epss 0.00
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned…
- risk 0.28cvss 4.3epss 0.00
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy.
- risk 0.28cvss 4.3epss 0.00
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
- risk 0.28cvss 4.3epss 0.00
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.
- risk 0.28cvss 4.3epss 0.00
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses.
- risk 0.28cvss 4.3epss 0.00
IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.
- risk 0.28cvss 4.3epss 0.00
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
- risk 0.28cvss 4.3epss 0.00
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.
- risk 0.28cvss 4.3epss 0.00
IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs.
- risk 0.28cvss 4.3epss 0.00
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
- risk 0.28cvss 4.3epss 0.01
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
Page 90 of 166