Vendor CVEs

IBM

All CVEs

8,259 total · sorted by risk
  • CVE-2016-0320 · Med · Feb 1, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM UrbanCode Deploy could allow an authenticated user to modify UCD objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes.

  • CVE-2016-8912 · Med · Feb 1, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in log files that could be read by an authenticated user.

  • CVE-2016-6122 · Med · Feb 1, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.

  • CVE-2016-6044 · Med · Feb 1, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.

  • CVE-2016-6028 · Med · Feb 1, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view.

  • CVE-2016-5949 · Med · Feb 1, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request.

  • CVE-2016-5898 · Med · Feb 1, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information.

  • CVE-2016-2987 · Med · Feb 1, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.

  • CVE-2016-2958 · Med · Nov 30, 2016
    risk 0.28 · cvss 4.3 · epss 0.02

    IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response.

  • CVE-2016-2957 · Med · Nov 30, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response.

  • CVE-2016-2928 · Med · Nov 25, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs.

  • CVE-2016-0377 · Med · Oct 22, 2016
    risk 0.28 · cvss 4.3 · epss 0.02

    The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2016-0242 · Med · Oct 22, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message.

  • CVE-2016-5945 · Med · Sep 26, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request.

  • CVE-2016-3000 · Med · Sep 26, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL.

  • CVE-2016-0357 · Med · Jul 15, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site.

  • CVE-2016-2882 · Med · Jul 2, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses.

  • CVE-2016-0398 · Med · Jul 2, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.

  • CVE-2016-0364 · Med · Jul 1, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special…

  • CVE-2016-0381 · Med · May 15, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty value.

  • CVE-2016-0211 · Med · Apr 28, 2016
    risk 0.28 · cvss 4.3 · epss 0.02

    IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.

  • CVE-2016-0289 · Med · Apr 5, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors.

  • CVE-2015-7454 · Med · Mar 21, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass…

  • CVE-2016-0222 · Med · Mar 14, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.

  • CVE-2016-0232 · Med · Feb 15, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files.

  • CVE-2016-0231 · Med · Feb 15, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading exception details in error logs.

  • CVE-2015-7469 · Med · Jan 17, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role.

  • CVE-2015-7468 · Med · Jan 17, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors.

  • CVE-2015-5051 · Med · Jan 3, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query…

  • CVE-2015-1971 · Med · Jan 3, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before…

  • CVE-2015-7452 · Med · Jan 2, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.

  • CVE-2015-5020 · Med · Jan 2, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecified vectors.

  • CVE-2015-7445 · Med · Jan 1, 2016
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.

  • CVE-2015-5001 · Med · Dec 21, 2015
    risk 0.28 · cvss 4.3 · epss 0.02

    IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document.

  • CVE-2024-45636 · Med · Jun 11, 2026
    risk 0.27 · cvss 4.1 · epss 0.00

    IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.

  • CVE-2025-36373 · Med · Apr 1, 2026
    risk 0.27 · cvss 4.1 · epss 0.00

    IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative…

  • CVE-2025-27907 · Med · Apr 22, 2025
    risk 0.27 · cvss 4.1 · epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

  • CVE-2024-49822 · Med · Mar 18, 2025
    risk 0.27 · cvss 4.1 · epss 0.00

    IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

  • CVE-2024-45638 · Med · Mar 14, 2025
    risk 0.27 · cvss 4.1 · epss 0.00

    IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.

  • CVE-2023-38009 · Med · Jan 26, 2025
    risk 0.27 · cvss 4.2 · epss 0.00

    IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.

  • CVE-2024-41780 · Med · Jan 3, 2025
    risk 0.27 · cvss 4.2 · epss 0.00

    IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a physical user to obtain sensitive information due to not masking passwords during entry.

  • CVE-2024-49819 · Med · Dec 17, 2024
    risk 0.27 · cvss 4.1 · epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

  • CVE-2024-39732 · Med · Jul 14, 2024
    risk 0.27 · cvss 4.1 · epss 0.00

    IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791.

  • CVE-2023-26282 · Med · Mar 5, 2024
    risk 0.27 · cvss 4.2 · epss 0.00

    IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user with physical access and specific knowledge of the system to modify files or data on the system. IBM X-Force ID: 248415.

  • CVE-2023-33837 · Med · Oct 23, 2023
    risk 0.27 · cvss 4.1 · epss 0.00

    IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.

  • CVE-2020-4914 · Med · May 5, 2023
    risk 0.27 · cvss 4.2 · epss 0.00

    IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.

  • CVE-2023-25680 · Med · Mar 15, 2023
    risk 0.27 · cvss 4.2 · epss 0.01

    IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.

  • CVE-2021-39011 · Med · Jan 20, 2023
    risk 0.27 · cvss 4.2 · epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645.

  • CVE-2022-22470 · Med · Jan 9, 2023
    risk 0.27 · cvss 4.1 · epss 0.00

    IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.

  • CVE-2022-22456 · Med · Dec 22, 2022
    risk 0.27 · cvss 4.2 · epss 0.00

    IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…
