IBM

All CVEs

8,254 total · sorted by risk
  • CVE-2020-4665 · Med · Nov 16, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the…

  • CVE-2020-4484 · Med · Nov 6, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858.

  • CVE-2020-4483 · Med · Nov 6, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force…

  • CVE-2020-4649 · Med · Nov 3, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privileged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.

  • CVE-2020-4864 · Med · Oct 29, 2020
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Resilient SOAR V38.0 could allow an attacker on the internal network to provide the server with a spoofed source IP address. IBM X-Force ID: 190567.

  • CVE-2020-4749 · Med · Oct 20, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent…

  • CVE-2020-4340 · Med · Sep 23, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180.

  • CVE-2020-4324 · Med · Sep 23, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Secret Server prior to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515.

  • CVE-2020-4315 · Med · Sep 21, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie…

  • CVE-2020-8339 · Med · Sep 15, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is…

  • CVE-2020-4526 · Med · Sep 15, 2020
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436.

  • CVE-2012-3340 · Med · Sep 1, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291.

  • CVE-2019-4579 · Med · Aug 28, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236.

  • CVE-2019-4533 · Med · Aug 28, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to insufficient input validation. IBM X-Force ID: 165589.

  • CVE-2020-4171 · Med · Aug 27, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407.

  • CVE-2019-4688 · Med · Aug 26, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie…

  • CVE-2020-4170 · Med · Aug 24, 2020
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174406.

  • CVE-2020-4687 · Med · Aug 20, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679.

  • CVE-2019-4582 · Med · Aug 13, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288.

  • CVE-2020-4410 · Med · Aug 4, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539.

  • CVE-2019-4589 · Med · Aug 3, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.

  • CVE-2020-4319 · Med · Jul 28, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow, under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402.

  • CVE-2020-4405 · Med · Jul 27, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484.

  • CVE-2020-4361 · Med · Jul 20, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766.

  • CVE-2020-4173 · Med · Jul 9, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be…

  • CVE-2019-4704 · Med · Jul 1, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie…

  • CVE-2020-4322 · Med · Jun 24, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further…

  • CVE-2020-4357 · Med · May 27, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761.

  • CVE-2020-4365 · Med · May 14, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.

  • CVE-2020-4299 · Med · May 14, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.

  • CVE-2020-4312 · Med · May 13, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089.

  • CVE-2020-4446 · Med · May 6, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126.

  • CVE-2019-4288 · Med · Apr 29, 2020
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly sensitive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160631.

  • CVE-2019-4286 · Med · Apr 29, 2020
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly sensitive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514.

  • CVE-2020-4329 · Med · Apr 28, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID:…

  • CVE-2019-4729 · Med · Apr 27, 2020
    risk 0.28 · cvss 4.3 · epss 0.02

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519.

  • CVE-2020-4260 · Med · Apr 16, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639.

  • CVE-2019-4593 · Med · Apr 15, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 167743.

  • CVE-2020-4291 · Med · Apr 8, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176334.

  • CVE-2020-4282 · Med · Apr 8, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions. X-Force ID: 176205.

  • CVE-2019-4603 · Med · Apr 8, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295.

  • CVE-2019-4601 · Med · Apr 8, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system.

  • CVE-2020-4199 · Med · Mar 18, 2020
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910.

  • CVE-2019-4726 · Med · Feb 26, 2020
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363.

  • CVE-2019-4745 · Med · Feb 24, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.

  • CVE-2019-4583 · Med · Feb 20, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289.

  • CVE-2019-4679 · Med · Jan 28, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. IBM X-Force ID: 171515.

  • CVE-2019-4637 · Med · Jan 28, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 170043.

  • CVE-2019-4633 · Med · Jan 28, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007.

  • CVE-2019-4655 · Med · Dec 30, 2019
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966.
