IBM

All CVEs

8,253 total · sorted by risk
  • CVE-2022-22363 · Med · Jan 7, 2025
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2024-55897 · Med · Jan 3, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be…

  • CVE-2024-5591 · Med · Jan 3, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2024-49818 · Med · Dec 17, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2024-51460 · Med · Dec 11, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.

  • CVE-2024-45676 · Med · Dec 3, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction.

  • CVE-2024-25036 · Med · Dec 3, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.

  • CVE-2024-35160 · Med · Nov 23, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.

  • CVE-2024-52359 · Med · Nov 19, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator users due to improper access controls.

  • CVE-2024-37070 · Med · Nov 19, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

  • CVE-2024-49340 · Med · Oct 16, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2024-31899 · Med · Sep 26, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.

  • CVE-2024-43180 · Med · Sep 13, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and…

  • CVE-2024-27257 · Med · Sep 10, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.

  • CVE-2024-39744 · Med · Aug 22, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2024-39751 · Med · Aug 6, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429

  • CVE-2024-39741 · Med · Jul 15, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: …

  • CVE-2024-39740 · Med · Jul 15, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.

  • CVE-2024-39729 · Med · Jul 15, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968.

  • CVE-2024-39734 · Med · Jul 14, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The…

  • CVE-2024-31897 · Med · Jul 8, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send…

  • CVE-2024-31902 · Med · Jun 30, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.

  • CVE-2023-50954 · Med · Jun 30, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776.

  • CVE-2023-42011 · Med · Jun 27, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. IBM X-Force ID: …

  • CVE-2024-31895 · Med · May 22, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.

  • CVE-2024-31894 · Med · May 22, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.

  • CVE-2024-31893 · Med · May 22, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174.

  • CVE-2024-28760 · Med · May 14, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.

  • CVE-2021-20450 · Med · May 3, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will…

  • CVE-2023-47727 · Med · May 2, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.

  • CVE-2024-22329 · Med · Apr 17, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack.…

  • CVE-2024-22339 · Med · Apr 12, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM…

  • CVE-2023-47715 · Med · Mar 21, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538.

  • CVE-2023-46179 · Med · Mar 15, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent…

  • CVE-2023-46171 · Med · Mar 7, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to view sensitive log information after enumerating filenames. IBM X-Force ID: 269408.

  • CVE-2023-25922 · Med · Feb 28, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247621.

  • CVE-2023-32344 · Med · Feb 26, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.

  • CVE-2022-34311 · Med · Feb 12, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446.

  • CVE-2023-42016 · Med · Feb 9, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this…

  • CVE-2023-38020 · Med · Feb 2, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576.

  • CVE-2023-47718 · Med · Jan 19, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.

  • CVE-2023-47705 · Med · Dec 20, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228.

  • CVE-2023-47702 · Med · Dec 20, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196.

  • CVE-2023-42015 · Med · Dec 19, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID:…

  • CVE-2023-49878 · Med · Dec 13, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the…

  • CVE-2023-49877 · Med · Dec 13, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this…

  • CVE-2023-38268 · Med · Dec 1, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585.

  • CVE-2022-36777 · Med · Nov 22, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0 could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.

  • CVE-2022-35638 · Med · Nov 22, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force…

  • CVE-2023-38363 · Med · Nov 13, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the…
