IBM

All CVEs

8,254 total · sorted by risk
  • CVE-2021-38977 · Med · Nov 15, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The…

  • CVE-2021-38985 · Med · Nov 12, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

  • CVE-2021-38972 · Med · Nov 12, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

  • CVE-2021-29883 · Med · Oct 21, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site…

  • CVE-2021-29700 · Med · Oct 7, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.

  • CVE-2021-20552 · Med · Oct 7, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.

  • CVE-2021-20376 · Med · Oct 7, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.

  • CVE-2021-20372 · Med · Oct 7, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518.

  • CVE-2021-29761 · Med · Oct 6, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265.

  • CVE-2021-29760 · Med · Oct 6, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213.

  • CVE-2021-29758 · Med · Oct 6, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. IBM X-Force ID: 202169.

  • CVE-2021-20563 · Med · Sep 23, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenticated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM…

  • CVE-2021-20485 · Med · Sep 23, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667.

  • CVE-2020-4941 · Med · Sep 23, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941.

  • CVE-2021-20508 · Med · Sep 14, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322.

  • CVE-2021-29853 · Med · Sep 1, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Planning Analytics 2.0 could expose information that could be used to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.

  • CVE-2021-29851 · Med · Sep 1, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527.

  • CVE-2021-20420 · Med · Aug 11, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. IBM X-Force ID: 196281.

  • CVE-2021-29784 · Med · Jul 26, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168.

  • CVE-2021-29769 · Med · Jul 26, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user…

  • CVE-2021-20424 · Med · Jul 13, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. X-Force ID: 196309.

  • CVE-2021-29711 · Med · Jul 8, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8, 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965.

  • CVE-2021-20417 · Med · Jul 7, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219.

  • CVE-2021-20580 · Med · Jun 29, 2021
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.

  • CVE-2021-29751 · Med · Jun 28, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.

  • CVE-2021-20413 · Med · Jun 28, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212.

  • CVE-2019-4722 · Med · Jun 1, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.

  • CVE-2020-4646 · Med · May 19, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they should not have access to due to improper authorization control.

  • CVE-2020-4536 · Med · May 11, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907.

  • CVE-2020-4964 · Med · Apr 12, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.

  • CVE-2021-20440 · Med · Mar 15, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recipient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API…

  • CVE-2020-4953 · Med · Feb 23, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP responses. IBM X-Force ID: 192029.

  • CVE-2020-5032 · Med · Feb 4, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable to a temporary denial of service attack when sent particular payloads. IBM X-Force ID: 194178.

  • CVE-2020-4827 · Med · Feb 4, 2021
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841.

  • CVE-2020-4826 · Med · Feb 4, 2021
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840.

  • CVE-2020-4934 · Med · Feb 2, 2021
    risk 0.28 · cvss 4.3 · epss 0.02

    IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752.

  • CVE-2020-4786 · Med · Jan 27, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration…

  • CVE-2020-4189 · Med · Jan 27, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850.

  • CVE-2020-4967 · Med · Jan 27, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.

  • CVE-2020-4966 · Med · Jan 21, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The…

  • CVE-2020-4597 · Med · Jan 13, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to…

  • CVE-2020-4674 · Med · Jan 12, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287.

  • CVE-2020-4673 · Med · Jan 12, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286.

  • CVE-2020-4544 · Med · Jan 8, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189.

  • CVE-2020-4487 · Med · Jan 8, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862.

  • CVE-2020-4667 · Med · Jan 8, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282.

  • CVE-2020-4843 · Med · Dec 21, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048.

  • CVE-2020-4696 · Med · Nov 30, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cloud Pak for Security 1.3.0.1 (CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789.

  • CVE-2020-4626 · Med · Nov 30, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362.

  • CVE-2020-4763 · Med · Nov 16, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the…
