Vendor CVEs
IBM
All CVEs
8,259 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-4640 | Med | 0.27 | 4.1 | 0.00 | Feb 4, 2021 | Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An… | ||
| CVE-2019-6155 | Med | 0.27 | 4.1 | 0.01 | Apr 22, 2019 | A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service. | ||
| CVE-2018-1843 | Med | 0.27 | 4.1 | 0.00 | Nov 21, 2018 | The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff… | ||
| CVE-2018-1788 | Med | 0.27 | 4.1 | 0.00 | Nov 2, 2018 | IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873. | ||
| CVE-2018-1750 | Med | 0.27 | 4.2 | 0.01 | Oct 8, 2018 | IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 148511. | ||
| CVE-2017-1396 | Med | 0.27 | 4.2 | 0.01 | Aug 6, 2018 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342. | ||
| CVE-2018-1370 | Med | 0.27 | 4.2 | 0.01 | May 29, 2018 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769. | ||
| CVE-2014-0872 | Med | 0.27 | 4.1 | 0.00 | Apr 25, 2018 | The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988. | ||
| CVE-2017-1624 | Med | 0.27 | 4.2 | 0.01 | Apr 4, 2018 | IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 133122. | ||
| CVE-2017-1459 | Med | 0.27 | 4.2 | 0.01 | Jan 10, 2018 | IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378. | ||
| CVE-2016-2960 | Low | 0.27 | 3.7 | 0.40 | Aug 8, 2016 | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages. | ||
| CVE-2015-7487 | Med | 0.27 | 4.1 | 0.00 | Jan 27, 2016 | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through… | ||
| CVE-2015-4960 | Med | 0.27 | 4.1 | 0.01 | Jan 17, 2016 | IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | ||
| CVE-2025-14684 | Med | 0.26 | 4.0 | 0.00 | Mar 25, 2026 | IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files. | ||
| CVE-2025-1348 | Med | 0.26 | 4.0 | 0.00 | Jun 18, 2025 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy. | ||
| CVE-2025-1334 | Med | 0.26 | 4.0 | 0.00 | Jun 3, 2025 | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system. | ||
| CVE-2023-43035 | Med | 0.26 | 4.0 | 0.00 | Apr 10, 2025 | IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system. | ||
| CVE-2024-22315 | Med | 0.26 | 4.0 | 0.00 | Jan 28, 2025 | IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection. | ||
| CVE-2024-22349 | Med | 0.26 | 4.0 | 0.00 | Jan 20, 2025 | IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system. | ||
| CVE-2024-51462 | Med | 0.26 | 4.0 | 0.00 | Jan 17, 2025 | IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data. | ||
| CVE-2022-35640 | Med | 0.26 | 4.0 | 0.00 | Jul 16, 2024 | IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933. | ||
| CVE-2022-38383 | Med | 0.26 | 4.0 | 0.00 | Jun 28, 2024 | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673. | ||
| CVE-2024-22338 | Med | 0.26 | 4.0 | 0.00 | May 31, 2024 | IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. | ||
| CVE-2022-43841 | Med | 0.26 | 4.0 | 0.00 | May 30, 2024 | IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078. | ||
| CVE-2024-22343 | Med | 0.26 | 4.0 | 0.00 | May 14, 2024 | IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190. | ||
| CVE-2023-46181 | Med | 0.26 | 4.0 | 0.00 | Mar 15, 2024 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686. | ||
| CVE-2023-27545 | Med | 0.26 | 4.0 | 0.00 | Feb 29, 2024 | IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947. | ||
| CVE-2023-50306 | Med | 0.26 | 4.0 | 0.00 | Feb 20, 2024 | IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337. | ||
| CVE-2023-50951 | Med | 0.26 | 4.0 | 0.00 | Feb 17, 2024 | IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747. | ||
| CVE-2023-47140 | Med | 0.26 | 4.0 | 0.00 | Jan 8, 2024 | IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. | ||
| CVE-2023-47704 | Med | 0.26 | 4.0 | 0.01 | Dec 20, 2023 | IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. | ||
| CVE-2022-34355 | Med | 0.26 | 4.0 | 0.00 | Oct 6, 2023 | IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498. | ||
| CVE-2022-22447 | Med | 0.26 | 4.0 | 0.00 | Oct 4, 2023 | IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648. | ||
| CVE-2023-22593 | Med | 0.26 | 4.0 | 0.00 | Jun 27, 2023 | IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074. | ||
| CVE-2022-38707 | Med | 0.26 | 4.0 | 0.00 | May 5, 2023 | IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179. | ||
| CVE-2020-4556 | Med | 0.26 | 4.0 | 0.00 | Mar 15, 2023 | IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 183329. | ||
| CVE-2022-42436 | Med | 0.26 | 4.0 | 0.00 | Feb 12, 2023 | IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. | ||
| CVE-2023-23469 | Med | 0.26 | 4.0 | 0.00 | Feb 1, 2023 | IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504. | ||
| CVE-2023-22592 | Med | 0.26 | 4.0 | 0.00 | Jan 18, 2023 | IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073. | ||
| CVE-2022-34354 | Med | 0.26 | 4.0 | 0.00 | Nov 16, 2022 | IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424. | ||
| CVE-2022-34314 | Med | 0.26 | 4.0 | 0.00 | Nov 14, 2022 | IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450. | ||
| CVE-2022-34312 | Med | 0.26 | 4.0 | 0.00 | Nov 14, 2022 | IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. | ||
| CVE-2018-1623 | Med | 0.26 | 4.0 | 0.00 | Apr 2, 2019 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408. | ||
| CVE-2018-1962 | Med | 0.26 | 4.0 | 0.00 | Feb 4, 2019 | IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658. | ||
| CVE-2018-1993 | Med | 0.26 | 4.0 | 0.00 | Jan 8, 2019 | IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440. | ||
| CVE-2018-1480 | Med | 0.26 | 4.0 | 0.01 | Dec 12, 2018 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then… | ||
| CVE-2018-1957 | Med | 0.26 | 4.0 | 0.00 | Dec 10, 2018 | IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. IBM X-Force ID: 153629. | ||
| CVE-2018-1505 | Med | 0.26 | 4.0 | 0.00 | Dec 6, 2018 | IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413. | ||
| CVE-2018-1568 | Med | 0.26 | 4.0 | 0.00 | Dec 5, 2018 | IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118. | ||
| CVE-2017-1418 | Med | 0.26 | 4.0 | 0.00 | Nov 26, 2018 | IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM… |
- risk 0.27cvss 4.1epss 0.00
Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An…
- risk 0.27cvss 4.1epss 0.01
A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.
- risk 0.27cvss 4.1epss 0.00
The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff…
- risk 0.27cvss 4.1epss 0.00
IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.
- risk 0.27cvss 4.2epss 0.01
IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 148511.
- risk 0.27cvss 4.2epss 0.01
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342.
- risk 0.27cvss 4.2epss 0.01
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769.
- risk 0.27cvss 4.1epss 0.00
The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.
- risk 0.27cvss 4.2epss 0.01
IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 133122.
- risk 0.27cvss 4.2epss 0.01
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378.
- risk 0.27cvss 3.7epss 0.40
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.
- risk 0.27cvss 4.1epss 0.00
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through…
- risk 0.27cvss 4.1epss 0.01
IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
- risk 0.26cvss 4.0epss 0.00
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.
- risk 0.26cvss 4.0epss 0.00
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy.
- risk 0.26cvss 4.0epss 0.00
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system.
- risk 0.26cvss 4.0epss 0.00
IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.
- risk 0.26cvss 4.0epss 0.00
IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.
- risk 0.26cvss 4.0epss 0.00
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.
- risk 0.26cvss 4.0epss 0.00
IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data.
- risk 0.26cvss 4.0epss 0.00
IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933.
- risk 0.26cvss 4.0epss 0.00
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673.
- risk 0.26cvss 4.0epss 0.00
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.
- risk 0.26cvss 4.0epss 0.00
IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078.
- risk 0.26cvss 4.0epss 0.00
IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190.
- risk 0.26cvss 4.0epss 0.00
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.
- risk 0.26cvss 4.0epss 0.00
IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.
- risk 0.26cvss 4.0epss 0.00
IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337.
- risk 0.26cvss 4.0epss 0.00
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747.
- risk 0.26cvss 4.0epss 0.00
IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls.
- risk 0.26cvss 4.0epss 0.01
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.
- risk 0.26cvss 4.0epss 0.00
IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.
- risk 0.26cvss 4.0epss 0.00
IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648.
- risk 0.26cvss 4.0epss 0.00
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.
- risk 0.26cvss 4.0epss 0.00
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.
- risk 0.26cvss 4.0epss 0.00
IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 183329.
- risk 0.26cvss 4.0epss 0.00
IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.
- risk 0.26cvss 4.0epss 0.00
IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504.
- risk 0.26cvss 4.0epss 0.00
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.
- risk 0.26cvss 4.0epss 0.00
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424.
- risk 0.26cvss 4.0epss 0.00
IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450.
- risk 0.26cvss 4.0epss 0.00
IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447.
- risk 0.26cvss 4.0epss 0.00
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408.
- risk 0.26cvss 4.0epss 0.00
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.
- risk 0.26cvss 4.0epss 0.00
IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.
- risk 0.26cvss 4.0epss 0.01
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then…
- risk 0.26cvss 4.0epss 0.00
IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. IBM X-Force ID: 153629.
- risk 0.26cvss 4.0epss 0.00
IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413.
- risk 0.26cvss 4.0epss 0.00
IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118.
- risk 0.26cvss 4.0epss 0.00
IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM…
Page 99 of 166