Skip to main content
CVE-2015-7450 CRITICAL POC KEV THREAT Emergency

Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenticated network attackers to execute arbitrary commands by sending malicious serialized Java objects exploiting the Apache Commons Collections InvokerTransformer class. This vulnerability is confirmed actively exploited in the wild per CISA KEV, with public exploit code available (Exploit-DB 41613) and an exceptionally high EPSS score of 93.49%, indicating near-certain exploitation probability. Affected products include Sterling B2B Integrator 5.2, Sterling Integrator 5.1, and Tivoli Common Reporting versions 2.1 through 3.1.2.1.

Java Apache Deserialization IBM
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
93.5%
Threat
9.8
CVE-2015-2023 HIGH POC This Week

Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

IBM Buffer Overflow Microsoft I Access
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-7426 CRITICAL Act Now

The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Command Injection VMware Spectrum Protect For Virtual Environments Spectrum Protect Snapshot
NVD
CVSS 3.0
10.0
EPSS
2.7%
CVE-2015-7422 MEDIUM POC This Month

Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

IBM Denial Of Service Buffer Overflow Microsoft I Access
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-7407 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS CSRF Mashups Center
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-7429 HIGH This Week

The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure VMware Spectrum Protect For Virtual Environments Spectrum Protect Snapshot
NVD
CVSS 3.0
8.5
EPSS
0.3%
CVE-2015-7430 HIGH This Week

The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Hadoop
NVD
CVSS 3.0
8.4
EPSS
0.0%
CVE-2015-5018 HIGH This Week

IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Command Injection Security Access Manager 9 0 Firmware Security Access Manager For Web 7 0 Firmware Security Access Manager For Web 8 0 Firmware
NVD
CVSS 3.0
8.0
EPSS
1.3%
CVE-2015-7400 HIGH This Week

The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service XXE Mashups Center
NVD
CVSS 3.0
7.7
EPSS
0.8%
CVE-2015-8027 HIGH This Week

Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Node Js
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2015-7442 HIGH This Week

consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse. Rated high severity (CVSS 7.0). No vendor patch available.

IBM Privilege Escalation Installation Manager Packaging Utility
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2015-1928 MEDIUM This Month

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager Rational Rhapsody Design Manager Rational Requirements Composer +5
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2015-7431 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7437 MEDIUM This Month

Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2015-7451 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Maximo Asset Management Maximo Asset Management Essentials Maximo For Government +6
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-7402 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-7396 MEDIUM This Month

The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Maximo Asset Management Maximo Asset Management Essentials Maximo For Government +6
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2015-4996 MEDIUM This Month

IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Rational Clearquest
NVD
CVSS 3.0
5.1
EPSS
0.0%
CVE-2015-7438 MEDIUM This Month

IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access. Rated medium severity (CVSS 4.7). No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
4.7
EPSS
0.0%
CVE-2015-7452 MEDIUM This Month

IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Asset Management Maximo Asset Management Essentials Maximo For Government +6
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2015-5020 MEDIUM This Month

The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Infosphere Biginsights
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2015-7416 MEDIUM This Month

AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft I Access
NVD
CVSS 3.0
4.0
EPSS
0.2%
CVE-2015-7403 MEDIUM This Month

IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service General Parallel File System Spectrum Scale
NVD
CVSS 3.0
4.0
EPSS
0.1%
CVE-2015-4990 MEDIUM This Month

The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before. Rated medium severity (CVSS 4.0). No vendor patch available.

IBM Information Disclosure Tealeaf Customer Experience
NVD
CVSS 3.0
4.0
EPSS
0.1%
CVE-2015-4989 LOW Monitor

The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Tealeaf Customer Experience
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2015-7435 LOW Monitor

IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos. Rated low severity (CVSS 2.5). No vendor patch available.

IBM Authentication Bypass Tivoli Common Reporting
NVD
CVSS 3.0
2.5
EPSS
0.0%
CVE-2015-7436 LOW Monitor

IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos. Rated low severity (CVSS 2.5). No vendor patch available.

IBM Privilege Escalation Tivoli Common Reporting
NVD
CVSS 3.0
2.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy