IBM

All CVEs

8,259 total · sorted by risk
  • CVE-2020-4640 · Med · Feb 4, 2021
    risk 0.27 · cvss 4.1 · epss 0.00

    Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, CDN, logging platforms, etc. An…

  • CVE-2019-6155 · Med · Apr 22, 2019
    risk 0.27 · cvss 4.1 · epss 0.01

    A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.

  • CVE-2018-1843 · Med · Nov 21, 2018
    risk 0.27 · cvss 4.1 · epss 0.00

    The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff…

  • CVE-2018-1788 · Med · Nov 2, 2018
    risk 0.27 · cvss 4.1 · epss 0.00

    IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.

  • CVE-2018-1750 · Med · Oct 8, 2018
    risk 0.27 · cvss 4.2 · epss 0.01

    IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 148511.

  • CVE-2017-1396 · Med · Aug 6, 2018
    risk 0.27 · cvss 4.2 · epss 0.01

    IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342.

  • CVE-2018-1370 · Med · May 29, 2018
    risk 0.27 · cvss 4.2 · epss 0.01

    IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769.

  • CVE-2014-0872 · Med · Apr 25, 2018
    risk 0.27 · cvss 4.1 · epss 0.00

    The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.

  • CVE-2017-1624 · Med · Apr 4, 2018
    risk 0.27 · cvss 4.2 · epss 0.01

    IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 133122.

  • CVE-2017-1459 · Med · Jan 10, 2018
    risk 0.27 · cvss 4.2 · epss 0.01

    IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378.

  • CVE-2016-2960 · Low · Aug 8, 2016
    risk 0.27 · cvss 3.7 · epss 0.40

    IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.

  • CVE-2015-7487 · Med · Jan 27, 2016
    risk 0.27 · cvss 4.1 · epss 0.00

    IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through…

  • CVE-2015-4960 · Med · Jan 17, 2016
    risk 0.27 · cvss 4.1 · epss 0.01

    IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.

  • CVE-2025-14684 · Med · Mar 25, 2026
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.

  • CVE-2025-1348 · Med · Jun 18, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy.

  • CVE-2025-1334 · Med · Jun 3, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system.

  • CVE-2023-43035 · Med · Apr 10, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.

  • CVE-2024-22315 · Med · Jan 28, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.

  • CVE-2024-22349 · Med · Jan 20, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 allows web pages to be stored locally which can be read by another user on the system.

  • CVE-2024-51462 · Med · Jan 17, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data.

  • CVE-2022-35640 · Med · Jul 16, 2024
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933.

  • CVE-2022-38383 · Med · Jun 28, 2024
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673.

  • CVE-2024-22338 · Med · May 31, 2024
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.

  • CVE-2022-43841 · Med · May 30, 2024
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078.

  • CVE-2024-22343 · Med · May 14, 2024
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190.

  • CVE-2023-46181 · Med · Mar 15, 2024
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.

  • CVE-2023-27545 · Med · Feb 29, 2024
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.

  • CVE-2023-50306 · Med · Feb 20, 2024
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337.

  • CVE-2023-50951 · Med · Feb 17, 2024
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747.

  • CVE-2023-47140 · Med · Jan 8, 2024
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls.

  • CVE-2023-47704 · Med · Dec 20, 2023
    risk 0.26 · cvss 4.0 · epss 0.01

    IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.

  • CVE-2022-34355 · Med · Oct 6, 2023
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.

  • CVE-2022-22447 · Med · Oct 4, 2023
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648.

  • CVE-2023-22593 · Med · Jun 27, 2023
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.

  • CVE-2022-38707 · Med · May 5, 2023
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.

  • CVE-2020-4556 · Med · Mar 15, 2023
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 183329.

  • CVE-2022-42436 · Med · Feb 12, 2023
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.

  • CVE-2023-23469 · Med · Feb 1, 2023
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504.

  • CVE-2023-22592 · Med · Jan 18, 2023
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.

  • CVE-2022-34354 · Med · Nov 16, 2022
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424.

  • CVE-2022-34314 · Med · Nov 14, 2022
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450.

  • CVE-2022-34312 · Med · Nov 14, 2022
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447.

  • CVE-2018-1623 · Med · Apr 2, 2019
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408.

  • CVE-2018-1962 · Med · Feb 4, 2019
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to log in to a closed browser session. IBM X-Force ID: 153658.

  • CVE-2018-1993 · Med · Jan 8, 2019
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may cause a read operation on a file to return data from a different file. IBM X-Force ID: 154440.

  • CVE-2018-1480 · Med · Dec 12, 2018
    risk 0.26 · cvss 4.0 · epss 0.01

    IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then…

  • CVE-2018-1957 · Med · Dec 10, 2018
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. IBM X-Force ID: 153629.

  • CVE-2018-1505 · Med · Dec 6, 2018
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413.

  • CVE-2018-1568 · Med · Dec 5, 2018
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118.

  • CVE-2017-1418 · Med · Nov 26, 2018
    risk 0.26 · cvss 4.0 · epss 0.00

    IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM…
