Skip to main content

IBM

5580 CVEs vendor

Monthly

CVE-2024-39747 CRITICAL Act Now

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling Connect Direct Web Services
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-35133 HIGH POC This Week

IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM Open Redirect Security Verify Access Security Verify Access Docker
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
1.6%
CVE-2024-35118 MEDIUM This Month

IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google IBM Maas360 Mdm
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-39746 MEDIUM This Month

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Sterling Connect Direct Web Services
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-39745 HIGH This Week

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling Connect Direct Web Services
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-39744 MEDIUM This Month

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Sterling Connect Direct Web Services
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-35151 MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Openpages Grc Platform Openpages With Watson
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-41773 MEDIUM This Month

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Global Configuration Management
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-43819 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

IBM Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-40705 MEDIUM This Month

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-40704 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-31905 MEDIUM This Month

IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Qradar Network Packet Capture
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-25024 MEDIUM This Month

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-37529 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-35152 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-35136 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Nosql Injection Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-31882 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Nosql Injection Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-28799 HIGH This Week

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-27267 MEDIUM This Month

The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Race Condition Java Denial Of Service Java Sdk
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-35124 HIGH This Week

A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Openbmc
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-41774 MEDIUM This Month

IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Common Licensing
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-40697 HIGH This Week

IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Brute Force Information Disclosure Common Licensing
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-39751 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-35143 CRITICAL Act Now

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Planning Analytics Workspace Planning Analytics Local
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-38321 MEDIUM This Month

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-41065 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-40689 CRITICAL Act Now

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SQLi Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-28772 MEDIUM This Month

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Security Directory Integrator Security Directory Server Security Verify Access
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37533 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-28796 MEDIUM This Month

IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Rational Clearquest
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39741 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Datacap Datacap Navigator
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-39740 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap Datacap Navigator
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-39735 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Datacap Datacap Navigator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39729 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap Datacap Navigator
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-39739 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Datacap Datacap Navigator
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-39737 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap Datacap Navigator
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-39736 CRITICAL Act Now

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Datacap Datacap Navigator
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-39731 HIGH This Week

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-39728 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Datacap Datacap Navigator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39734 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-39733 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39732 HIGH This Week

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-40690 MEDIUM This Month

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-25023 MEDIUM This Month

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-35154 HIGH This Week

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE IBM Websphere Application Server
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-39743 HIGH This Week

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq Operator
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-39742 CRITICAL Act Now

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Mq Operator
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-37528 MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Business Automation
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-31897 MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-38330 HIGH This Week

IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-39723 MEDIUM This Month

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Virtualize
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-28794 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-31898 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28797 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35119 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-31902 HIGH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-28798 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-28795 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38322 HIGH This Week

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender Resiliency Service
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-35156 MEDIUM This Month

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-35116 HIGH This Week

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25053 MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Cognos Analytics
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-25041 MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cognos Analytics
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25031 MEDIUM This Month

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-35155 MEDIUM This Month

IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-31919 HIGH This Week

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31912 HIGH This Week

IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Mq
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35139 MEDIUM This Month

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM Security Access Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-35137 MEDIUM This Month

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Docker Security Access Manager
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-35153 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-31916 HIGH This Week

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Openbmc
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31883 MEDIUM This Month

IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Denial Of Service Security Verify Access
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-38661 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Linux Denial Of Service IBM Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-38319 HIGH This Week

IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection RCE Soar
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-31890 HIGH This Week

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37532 HIGH This Week

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Jwt Attack Information Disclosure Websphere Application Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-38329 HIGH This Week

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass VMware IBM Storage Protect For Virtual Environments
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-31870 LOW Monitor

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-27275 HIGH This Week

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-25052 MEDIUM This Month

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-22333 LOW Monitor

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-31881 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-28762 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-31878 MEDIUM This Month

IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-22326 MEDIUM This Month

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Ds8900F Firmware
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-35142 HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM Security Verify Access Docker
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35140 HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Docker Security Verify Access Docker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31908 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-31907 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-31889 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.2%
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling Connect Direct Web Services
NVD
EPSS 2% CVSS 8.2
HIGH POC This Week

IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM Open Redirect Security Verify Access +1
NVD Exploit-DB
EPSS 0% CVSS 4.6
MEDIUM This Month

IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google IBM +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Sterling Connect Direct Web Services
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling Connect Direct Web Services
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Sterling Connect Direct Web Services
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Openpages Grc Platform +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Global Configuration Management
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

IBM Null Pointer Dereference Denial Of Service +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Qradar Network Packet Capture
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Nosql Injection +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Nosql Injection +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Race Condition Java +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Openbmc
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Common Licensing
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Brute Force Information Disclosure +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Planning Analytics Workspace +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Linux +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SQLi Infosphere Information Server +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Security Directory Integrator +2
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Rational Clearquest
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Datacap +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Datacap +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Datacap +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Datacap +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Datacap +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq Operator
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Mq Operator
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Virtualize
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Infosphere Information Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender Resiliency Service
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Cognos Analytics
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cognos Analytics
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Mq
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Docker +1
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Websphere Application Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Openbmc
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Denial Of Service Security Verify Access
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Linux Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Jwt Attack Information Disclosure +1
NVD
EPSS 0% CVSS 7.7
HIGH This Week

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass VMware IBM +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Application Suite +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Ds8900F Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Docker +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
Prev Page 12 of 62 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy