Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2022-22454 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Infosphere Information Server On Cloud
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-22481 MEDIUM PATCH This Month

IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-22319 MEDIUM This Month

IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Robotic Process Automation Robotic Process Automation As A Service
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-22434 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Robotic Process Automation Robotic Process Automation As A Service
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-22433 HIGH PATCH This Week

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Robotic Process Automation Robotic Process Automation As A Service
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-22415 MEDIUM This Month

A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Robotic Process Automation
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-22368 HIGH PATCH This Week

IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22443 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-22441 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-22427 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-22322 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-22315 HIGH PATCH This Week

IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-22345 MEDIUM PATCH This Month

IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.1
4.8
EPSS
1.8%
CVE-2022-22323 MEDIUM This Month

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption IBM Microsoft Buffer Overflow Denial Of Service +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-22312 MEDIUM This Month

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption IBM Microsoft Buffer Overflow Denial Of Service +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-22392 HIGH This Week

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE IBM File Upload Planning Analytics Workspace
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2022-22436 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-22435 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-22391 MEDIUM This Month

IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera High Speed Transfer Endpoint Aspera High Speed Transfer Server
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-22339 HIGH PATCH This Week

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF IBM Planning Analytics
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2022-22410 HIGH This Week

IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Watson Query
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-22356 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-22355 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Mq Appliance
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-22404 MEDIUM PATCH This Month

IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service IBM App Connect Enterprise Certified Container
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-22332 HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Partner Engagement Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22331 HIGH PATCH This Week

IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Partner Engagement Manager
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2022-22328 MEDIUM PATCH This Month

IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Partner Engagement Manager
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2022-22327 HIGH This Week

IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22311 MEDIUM PATCH This Month

IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-22374 CRITICAL Act Now

The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Power 9 Ac922 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-22316 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-22394 HIGH PATCH This Week

The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Spectrum Protect
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-22354 HIGH This Week

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Copy Data Management Spectrum Protect Plus
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-22353 MEDIUM This Month

IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Big Sql
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-22348 LOW Monitor

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM CSRF Spectrum Protect Operations Center
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2022-22346 HIGH This Week

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Spectrum Protect Operations Center
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-22344 MEDIUM This Month

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Spectrum Copy Data Management
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-22351 HIGH PATCH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
8.6
EPSS
1.2%
CVE-2022-22350 MEDIUM This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22321 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Mq
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22349 MEDIUM PATCH This Month

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Path Traversal Sterling External Authentication Server
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-22336 HIGH This Week

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Sterling External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-22333 MEDIUM PATCH This Month

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

IBM Buffer Overflow Sterling External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-22308 HIGH PATCH This Week

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-38876 MEDIUM PATCH This Month

IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-38961 MEDIUM This Month

IBM OPENBMC OP910 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Power System Ac922 8335 Gtg Firmware Power System Ac922 8335 Gtc Firmware Power System Ac922 8335 Gtw Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-39013 MEDIUM This Month

IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-38966 MEDIUM This Month

IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Automation Workflow Process Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-38900 MEDIUM PATCH This Month

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Business Automation Workflow Business Process Manager Workflow Process Service
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-38893 MEDIUM PATCH This Month

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow Business Process Manager Workflow Process Service
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-38883 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29847 MEDIUM This Month

BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Power Hardware Management Console 7063 Cr1 Firmware Power System Cs822Lc 8005 22N Firmware Power System Cs821Lc 8005 12N Firmware +2
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2021-38950 HIGH PATCH This Week

IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Privilege Escalation Mq For Hpe Nonstop
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-39063 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2021-39057 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Spectrum Protect Plus
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2021-39050 HIGH This Week

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-39049 HIGH This Week

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-39048 MEDIUM PATCH This Month

IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service IBM Memory Corruption Spectrum Protect Backup Archive Client +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-38901 MEDIUM PATCH This Month

IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Spectrum Protect Operations Center
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-39065 CRITICAL PATCH Act Now

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Spectrum Copy Data Management
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-39064 HIGH PATCH This Week

IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Spectrum Copy Data Management
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-39058 HIGH PATCH This Week

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Copy Data Management
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-39054 MEDIUM PATCH This Month

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Spectrum Copy Data Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-39053 HIGH PATCH This Week

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Copy Data Management
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-39052 CRITICAL PATCH Act Now

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Java Spectrum Copy Data Management
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38947 HIGH PATCH This Week

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Copy Data Management
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-38937 MEDIUM This Month

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Powervm Hypervisor
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-38917 CRITICAL Act Now

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Powervm Hypervisor
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-39002 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Microsoft Information Disclosure Db2 Oncommand Insight
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-38951 HIGH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-38931 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Microsoft Information Disclosure Db2 Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-38926 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Microsoft Information Disclosure Db2 Oncommand Insight
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-29678 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Microsoft Authentication Bypass Db2 Oncommand Insight
NVD
CVSS 3.1
8.7
EPSS
1.1%
CVE-2021-20373 HIGH PATCH This Week

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Db2
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-38909 MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-29867 MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-29756 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF IBM Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-29719 MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-29716 MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20493 MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20470 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Brute Force Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-29863 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Qradar Security Information And Event Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-29849 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-29779 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Microsoft Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-20400 HIGH PATCH This Week

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-39000 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Mq Appliance
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-38999 MEDIUM PATCH This Month

IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Mq Appliance
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38967 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

IBM RCE Code Injection Mq Appliance
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-38958 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Mq Appliance
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38873 HIGH PATCH This Week

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Code Injection Planning Analytics
NVD
CVSS 3.1
7.8
EPSS
1.8%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Infosphere Information Server On Cloud
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Robotic Process Automation +1
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Robotic Process Automation +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Robotic Process Automation +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Robotic Process Automation
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Urbancode Deploy
NVD
EPSS 2% CVSS 4.8
MEDIUM PATCH This Month

IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption IBM Microsoft +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption IBM Microsoft +3
NVD
EPSS 2% CVSS 7.8
HIGH This Week

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE IBM File Upload +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Asset Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Asset Management
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera High Speed Transfer Endpoint +1
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF IBM Planning Analytics
NVD
EPSS 1% CVSS 7.2
HIGH This Week

IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Watson Query
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Mq Appliance
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Mq Appliance
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service IBM App Connect Enterprise Certified Container
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Partner Engagement Manager
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Partner Engagement Manager
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Partner Engagement Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Urbancode Deploy
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Verify Access
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Power 9 Ac922 Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Mq Appliance
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Spectrum Protect
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Copy Data Management +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Big Sql
NVD
EPSS 0% CVSS 2.4
LOW Monitor

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM CSRF Spectrum Protect Operations Center
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Spectrum Protect Operations Center
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Spectrum Copy Data Management
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Vios +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Vios +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Mq
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Path Traversal Sterling External Authentication Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Sterling External Authentication Server +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

IBM Buffer Overflow Sterling External Authentication Server +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM OPENBMC OP910 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Power System Ac922 8335 Gtg Firmware +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Automation +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Business Automation Workflow +2
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Power Hardware Management Console 7063 Cr1 Firmware +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Privilege Escalation Mq For Hpe Nonstop
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Spectrum Protect Plus
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service IBM +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Spectrum Protect Operations Center
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Spectrum Copy Data Management
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Spectrum Copy Data Management
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Copy Data Management
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Spectrum Copy Data Management
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Copy Data Management
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Java +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Copy Data Management
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Powervm Hypervisor
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Powervm Hypervisor
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Microsoft Information Disclosure +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Application Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Microsoft Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Microsoft Information Disclosure +2
NVD
EPSS 1% CVSS 8.7
HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Microsoft Authentication Bypass +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Db2
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cognos Analytics +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cognos Analytics +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF IBM Cognos Analytics +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cognos Analytics +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cognos Analytics +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cognos Analytics +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Brute Force +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Mq Appliance
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Mq Appliance
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

IBM RCE Code Injection +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Mq Appliance
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Code Injection Planning Analytics
NVD
Prev Page 20 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy