Skip to main content

IBM

5588 CVEs vendor

Monthly

CVE-2023-25688 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-25684 CRITICAL PATCH Act Now

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-25923 HIGH PATCH This Week

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-25686 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27874 HIGH PATCH This Week

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Aspera Faspex
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-27873 MEDIUM PATCH This Month

IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-27871 HIGH PATCH This Week

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-25689 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-25687 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-27875 HIGH PATCH This Week

IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22591 LOW Monitor

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password. Rated low severity (CVSS 3.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service
NVD
CVSS 3.1
3.2
EPSS
0.2%
CVE-2023-25680 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22876 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-26284 HIGH This Week

IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Mq Certified Container
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-24975 MEDIUM This Month

IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Spectrum Symphony
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27290 CRITICAL POC Act Now

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Authentication Bypass IBM Observability With Instana
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
8.6%
CVE-2023-26281 HIGH PATCH This Week

IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Http Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22860 MEDIUM PATCH This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-25928 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-24960 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-24964 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-22868 MEDIUM PATCH This Month

IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Aspera Faspex
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23475 MEDIUM PATCH This Month

IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-23477 CRITICAL Act Now

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection IBM Websphere Application Server
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-23469 LOW Monitor

IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-22863 MEDIUM PATCH This Month

IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-22594 MEDIUM PATCH This Month

IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22592 HIGH PATCH This Week

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Authentication Bypass IBM Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22875 HIGH This Week

IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-43860 MEDIUM PATCH This Month

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-22449 MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-43849 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2022-43848 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2022-41290 HIGH PATCH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

IBM Privilege Escalation Vios Aix
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2022-39164 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2022-43381 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2022-43380 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2022-40233 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2022-39165 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2022-22458 MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-22457 MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-22456 MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Verify Governance
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-43859 MEDIUM PATCH This Month

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-43858 MEDIUM PATCH This Month

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-43857 MEDIUM PATCH This Month

IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-35646 MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Security Verify Governance
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-22461 HIGH PATCH This Week

IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-43382 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-39166 MEDIUM PATCH This Month

IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Security Guardium
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-38391 HIGH PATCH This Week

IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Spectrum Control
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-46771 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Urbancode Deploy
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2022-43875 MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Financial Transaction Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-43872 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Financial Transaction Manager
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-43887 MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cognos Analytics
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-43883 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Code Injection Cognos Analytics
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-39160 MEDIUM PATCH This Month

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cognos Analytics
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-38708 CRITICAL PATCH Act Now

IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF IBM Cognos Analytics
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-40607 MEDIUM This Month

IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Spectrum Scale
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2022-44755 HIGH This Week

HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Notes
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-44754 HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Domino
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-44753 HIGH This Week

HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Notes
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-44752 HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Domino
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-44751 HIGH This Week

HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Notes
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-44750 HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Domino
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-34318 MEDIUM PATCH This Month

IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XSS Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-22488 MEDIUM This Month

IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Power System Ac922 8335 Gtg Firmware Power System Ac922 8335 Gth Firmware Power System Ac922 8335 Gtx Firmware
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-41296 HIGH This Week

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Db2 Db2 Warehouse
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-41299 MEDIUM This Month

IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Transformation Advisor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-43581 HIGH PATCH This Week

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

IBM Buffer Overflow Content Navigator
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-41735 MEDIUM PATCH This Month

IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-43867 HIGH PATCH This Week

IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Spectrum Scale Container Native Storage Access
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-34361 HIGH PATCH This Week

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Secure Proxy
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-43901 MEDIUM PATCH This Month

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-43900 MEDIUM PATCH This Month

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-41297 MEDIUM This Month

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Db2 On Cloud Pak For Data Db2 Warehouse On Cloud Pak For Data Db2U
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-41732 MEDIUM This Month

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-40228 MEDIUM This Month

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Datapower Gateway
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-40746 MEDIUM PATCH This Month

IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking. Rated medium severity (CVSS 6.7). This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection IBM I Access Client Solutions
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-40751 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Urbancode Deploy
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-38390 MEDIUM PATCH This Month

Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40752 CRITICAL PATCH Act Now

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-34354 LOW PATCH Monitor

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure IBM Partner Engagement Manager
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-40753 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38385 HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Cloud Pak For Security
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-34320 HIGH PATCH This Week

IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-34317 MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-34316 MEDIUM PATCH This Month

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-34315 MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-34314 LOW PATCH Monitor

IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-38705 MEDIUM PATCH This Month

IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.7%
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi IBM Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass IBM +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Aspera Faspex
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Aspera Faspex
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM Aspera Faspex
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Security Key Lifecycle Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Faspex
NVD
EPSS 0% CVSS 3.2
LOW Monitor

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password. Rated low severity (CVSS 3.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Robotic Process Automation +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Sterling B2b Integrator
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Mq Certified Container
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Spectrum Symphony
NVD
EPSS 9% CVSS 9.1
CRITICAL POC Act Now

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Authentication Bypass IBM +1
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Http Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Aspera Faspex
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection IBM +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure IBM Robotic Process Automation +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Authentication Bypass IBM Robotic Process Automation For Cloud Pak
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Denial Of Service Vios +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Denial Of Service Vios +1
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

IBM Privilege Escalation Vios +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

IBM Denial Of Service Vios +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Denial Of Service Vios +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Denial Of Service Vios +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Denial Of Service Vios +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

IBM Denial Of Service Vios +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Verify Governance
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Security Verify Governance
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Denial Of Service Vios +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Security Guardium
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Spectrum Control
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Urbancode Deploy
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Financial Transaction Manager
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Financial Transaction Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cognos Analytics
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Code Injection Cognos Analytics
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cognos Analytics
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF IBM Cognos Analytics
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Spectrum Scale
NVD
EPSS 1% CVSS 7.8
HIGH This Week

HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE +2
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XSS Cics Tx
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Power System Ac922 8335 Gtg Firmware +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Db2 +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Transformation Advisor
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

IBM Buffer Overflow Content Navigator
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Spectrum Scale Container Native Storage Access
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Secure Proxy
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Db2 On Cloud Pak For Data +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Datapower Gateway
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking. Rated medium severity (CVSS 6.7). This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection IBM +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Urbancode Deploy
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection IBM Infosphere Information Server +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure IBM Partner Engagement Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Cloud Pak For Security
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Cics Tx
NVD
Prev Page 17 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy