VYPR

Vendor CVEs

IBM

All CVEs

8,253 total · sorted by risk
  • CVE-2021-38859 · Med · Oct 17, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. IBM X-Force ID: 207899.

  • CVE-2022-22384 · Med · Oct 17, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation. IBM X-Force ID: 221961.

  • CVE-2022-43903 · Med · Sep 5, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240894.

  • CVE-2023-33835 · Med · Aug 31, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015.

  • CVE-2023-33834 · Med · Aug 31, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256014.

  • CVE-2023-38733 · Med · Aug 22, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force ID: 262293.

  • CVE-2023-38732 · Med · Aug 22, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.

  • CVE-2020-4868 · Med · Jul 31, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.

  • CVE-2022-43908 · Med · Jul 19, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903.

  • CVE-2023-35900 · Med · Jul 19, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.

  • CVE-2023-35898 · Med · Jul 19, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352.

  • CVE-2023-23487 · Med · Jul 10, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.

  • CVE-2023-26273 · Med · Jun 27, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134.

  • CVE-2023-28522 · Med · May 12, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585.

  • CVE-2023-25688 · Med · Mar 22, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. …

  • CVE-2023-25687 · Med · Mar 21, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602.

  • CVE-2022-46773 · Med · Mar 15, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.

  • CVE-2023-22876 · Med · Mar 15, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364.

  • CVE-2020-5002 · Med · Mar 10, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954.

  • CVE-2020-5026 · Med · Mar 1, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks…

  • CVE-2020-5001 · Med · Mar 1, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953.…

  • CVE-2022-40231 · Med · Feb 17, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 235533.

  • CVE-2021-39089 · Med · Jan 20, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387.

  • CVE-2022-22337 · Med · Jan 4, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507.

  • CVE-2022-42435 · Med · Jan 4, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a…

  • CVE-2022-43860 · Med · Dec 24, 2022
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force…

  • CVE-2022-43858 · Med · Dec 22, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining…

  • CVE-2022-43857 · Med · Dec 22, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet…

  • CVE-2022-41297 · Med · Dec 1, 2022
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.

  • CVE-2022-34313 · Med · Nov 14, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link…

  • CVE-2022-35279 · Med · Nov 3, 2022
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force…

  • CVE-2011-4820 · Med · Sep 29, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences.

  • CVE-2022-22329 · Med · Sep 13, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure…

  • CVE-2022-34307 · Med · Aug 1, 2022
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and…

  • CVE-2022-22334 · Med · Aug 1, 2022
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391.

  • CVE-2021-39018 · Med · Jul 14, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.

  • CVE-2021-39016 · Med · Jul 14, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM…

  • CVE-2021-38954 · Med · Jun 30, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414.

  • CVE-2021-20544 · Med · Jun 24, 2022
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM…

  • CVE-2021-20421 · Med · Jun 24, 2022
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

  • CVE-2021-38874 · Med · Apr 27, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.

  • CVE-2021-29776 · Med · Apr 27, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030.

  • CVE-2021-38905 · Med · Apr 22, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.

  • CVE-2021-29824 · Med · Apr 22, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468.

  • CVE-2022-22391 · Med · Apr 14, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059.

  • CVE-2020-4989 · Med · Mar 15, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707.

  • CVE-2022-22349 · Med · Feb 24, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.

  • CVE-2021-29701 · Med · Jan 11, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authenticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID:…

  • CVE-2021-29863 · Med · Dec 1, 2021
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an…

  • CVE-2021-38977 · Med · Nov 15, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The…
