Skip to main content

IBM

5606 CVEs vendor

Monthly

CVE-2022-43901 MEDIUM PATCH This Month

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-43900 MEDIUM PATCH This Month

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-41297 MEDIUM This Month

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Db2 On Cloud Pak For Data Db2 Warehouse On Cloud Pak For Data Db2U
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-41732 MEDIUM This Month

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-40228 MEDIUM This Month

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Datapower Gateway
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-40746 MEDIUM PATCH This Month

IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking. Rated medium severity (CVSS 6.7). This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection IBM I Access Client Solutions
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-40751 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Urbancode Deploy
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-38390 MEDIUM PATCH This Month

Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40752 CRITICAL PATCH Act Now

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-34354 LOW PATCH Monitor

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure IBM Partner Engagement Manager
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-40753 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38385 HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Cloud Pak For Security
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-34320 HIGH PATCH This Week

IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-34317 MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-34316 MEDIUM PATCH This Month

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-34315 MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-34314 LOW PATCH Monitor

IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-38705 MEDIUM PATCH This Month

IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-34329 MEDIUM PATCH This Month

IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-34319 HIGH PATCH This Week

IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-34313 LOW PATCH Monitor

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
3.1
EPSS
0.6%
CVE-2022-34312 LOW PATCH Monitor

IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-35719 MEDIUM PATCH This Month

IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Mq Internet Pass Thru
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-40750 MEDIUM PATCH This Month

IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38387 HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Cloud Pak For Security
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36776 MEDIUM PATCH This Month

IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cloud Pak For Security
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-31772 MEDIUM PATCH This Month

IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Mq
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34331 CRITICAL Act Now

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Powervm Hypervisor
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-43574 HIGH PATCH This Week

"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

IBM Privilege Escalation Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-42442 LOW Monitor

IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-40747 CRITICAL PATCH Act Now

"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Infosphere Information Server
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-40235 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-40230 MEDIUM PATCH This Month

"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-38712 MEDIUM PATCH This Month

"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass IBM Websphere Application Server
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-38710 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-35717 HIGH PATCH This Week

"IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Infosphere Information Server
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-35642 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35279 MEDIUM PATCH This Month

"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Business Automation Workflow
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-34339 MEDIUM PATCH This Month

"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Cognos Analytics
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-30615 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-30608 HIGH PATCH This Week

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-22442 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-22425 CRITICAL PATCH Act Now

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Code Injection Infosphere Information Server
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-38388 MEDIUM PATCH This Month

IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Authentication Bypass IBM Navigator Mobile
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34334 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Session Fixation IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-41291 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-36772 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-34308 MEDIUM PATCH This Month

IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

IBM Denial Of Service Cics Tx
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-30613 MEDIUM PATCH This Month

IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22493 HIGH PATCH This Week

IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-22480 HIGH PATCH This Week

IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41294 MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-38709 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-36774 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-22503 MEDIUM This Month

IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Robotic Process Automation Robotic Process Automation As A Service
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-39168 HIGH PATCH This Week

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation For Cloud Pak Robotic Process Automation For Services
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-36771 MEDIUM PATCH This Month

IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Qradar User Behavior Analytics
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-35722 MEDIUM PATCH This Month

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35282 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

SSRF Information Disclosure IBM Websphere Application Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-22387 MEDIUM PATCH This Month

IBM Application Gateway is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Application Gateway
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40748 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-35721 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34348 HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2022-22423 MEDIUM PATCH This Month

IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Common Cryptographic Architecture
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-40616 HIGH This Week

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Maximo Asset Management
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-40608 HIGH This Week

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM Path Traversal Spectrum Protect Plus
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-40234 MEDIUM This Month

Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Spectrum Protect Plus
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-36768 HIGH PATCH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-35637 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft IBM Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-34356 HIGH PATCH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-34336 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-22483 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Microsoft Information Disclosure Authentication Bypass +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-22330 MEDIUM This Month

IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Control Desk
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-22329 MEDIUM This Month

IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Control Desk
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-34165 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-22314 LOW PATCH Monitor

IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure IBM Planning Analytics Workspace
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-36773 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2022-30614 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-35714 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-31773 HIGH PATCH This Week

IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Datapower Gateway
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-22489 CRITICAL PATCH Act Now

IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Mq
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-22455 CRITICAL PATCH Act Now

IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-35715 HIGH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-35280 CRITICAL Act Now

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Brute Force Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-22490 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure IBM Path Traversal Robotic Process Automation +2
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-22411 MEDIUM PATCH This Month

IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure IBM Spectrum Scale Data Access Services
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-22369 HIGH This Week

IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Workload Scheduler
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-34307 MEDIUM PATCH This Month

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-34164 MEDIUM PATCH This Month

IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34163 MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.6%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Db2 On Cloud Pak For Data +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Datapower Gateway
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking. Rated medium severity (CVSS 6.7). This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection IBM +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Urbancode Deploy
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection IBM Infosphere Information Server +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure IBM Partner Engagement Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Cloud Pak For Security
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Cics Tx
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
EPSS 1% CVSS 3.1
LOW PATCH Monitor

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Mq Internet Pass Thru
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Websphere Application Server
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Cloud Pak For Security
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cloud Pak For Security
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Mq
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Powervm Hypervisor
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

IBM Privilege Escalation Robotic Process Automation +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation For Cloud Pak
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Infosphere Information Server
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Infosphere Information Server
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Mq Appliance
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass IBM Websphere Application Server
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Robotic Process Automation +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

"IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Business Automation Workflow
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Cognos Analytics
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Infosphere Information Server +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Code Injection Infosphere Information Server
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Authentication Bypass IBM +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Session Fixation IBM +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

IBM Denial Of Service Cics Tx
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Robotic Process Automation For Cloud Pak
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Information Disclosure IBM Robotic Process Automation +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Robotic Process Automation +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Robotic Process Automation +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Qradar User Behavior Analytics
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

SSRF Information Disclosure IBM +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Application Gateway is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Application Gateway
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Sterling Partner Engagement Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Common Cryptographic Architecture
NVD
EPSS 0% CVSS 8.1
HIGH This Week

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Maximo Asset Management
NVD
EPSS 2% CVSS 7.5
HIGH This Week

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM Path Traversal +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Spectrum Protect Plus
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure IBM Vios +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft IBM Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure IBM Vios +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Websphere Application Server
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Microsoft +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Control Desk
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Control Desk
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Websphere Application Server
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure IBM Planning Analytics Workspace
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Cognos Analytics +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Cognos Analytics +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Asset Management
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Datapower Gateway
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Mq
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Brute Force +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure IBM +4
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure IBM Spectrum Scale Data Access Services
NVD
EPSS 0% CVSS 7.1
HIGH This Week

IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Workload Scheduler
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Cics Tx
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
Prev Page 18 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy