IBM

All CVEs

8,253 total · sorted by risk
  • CVE-2016-5991 · Med · Nov 25, 2016
    risk 0.29 · cvss 4.5 · epss 0.00

    IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.

  • CVE-2015-7462 · Med · Jun 19, 2016
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.

  • CVE-2015-2008 · Med · Feb 15, 2016
    risk 0.29 · cvss 4.4 · epss 0.01

    IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive.

  • CVE-1999-0524 · Med · Aug 1, 1997
    risk 0.29 · cvss 4.0 · epss 0.32

    ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

  • CVE-2026-1248 · Med · May 27, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages.

  • CVE-2025-36220 · Med · May 26, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in…

  • CVE-2026-4820 · Med · Apr 1, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie…

  • CVE-2026-2484 · Med · Mar 25, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages.

  • CVE-2024-40685 · Med · Feb 4, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions.

  • CVE-2025-36090 · Med · Jul 10, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message.

  • CVE-2025-2670 · Med · Jul 9, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related…

  • CVE-2025-1112 · Med · Jul 9, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.

  • CVE-2025-27369 · Med · Jul 8, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information…

  • CVE-2025-2827 · Med · Jul 8, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.

  • CVE-2025-36026 · Med · Jun 28, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to…

  • CVE-2025-3629 · Med · Jun 21, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.

  • CVE-2024-54172 · Med · Jun 18, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2024-56343 · Med · Jun 6, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.

  • CVE-2024-56342 · Med · Jun 6, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2024-51453 · Med · May 28, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

  • CVE-2025-25026 · Med · May 28, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check.

  • CVE-2025-25025 · Med · May 28, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2025-1138 · Med · May 15, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.

  • CVE-2025-1495 · Med · May 3, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.

  • CVE-2025-25045 · Med · Apr 23, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.

  • CVE-2022-43840 · Med · Apr 14, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.

  • CVE-2024-51461 · Med · Apr 11, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.

  • CVE-2024-56474 · Med · Apr 2, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2024-51477 · Med · Mar 29, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an observable response discrepancy.

  • CVE-2024-52362 · Med · Mar 12, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow…

  • CVE-2024-49779 · Med · Feb 20, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another…

  • CVE-2024-49344 · Med · Feb 20, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    In IBM OpenPages with Watson 8.3 and 9.0 with the Watson Assistant chat feature enabled, the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.

  • CVE-2024-43196 · Med · Feb 20, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to manipulate data in the Questionnaires application, allowing the user to spoof other users' responses.

  • CVE-2024-54176 · Med · Feb 8, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due…

  • CVE-2024-49800 · Med · Feb 6, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user.

  • CVE-2024-49798 · Med · Feb 6, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2024-49795 · Med · Feb 6, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2024-49794 · Med · Feb 6, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2024-38316 · Med · Feb 5, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.

  • CVE-2024-49348 · Med · Feb 5, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned…

  • CVE-2024-45089 · Med · Jan 31, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy.

  • CVE-2023-38739 · Med · Jan 31, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2024-22316 · Med · Jan 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.

  • CVE-2023-47159 · Med · Jan 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses.

  • CVE-2024-35113 · Med · Jan 25, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.

  • CVE-2024-35111 · Med · Jan 25, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2023-38271 · Med · Jan 25, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.

  • CVE-2024-45654 · Med · Jan 19, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs.

  • CVE-2024-45653 · Med · Jan 19, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.

  • CVE-2024-25037 · Med · Jan 7, 2025
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
