Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2020-4470 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM Spectrum Protect Plus
NVD
CVSS 3.1
8.0
EPSS
1.9%
CVE-2020-4469 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE IBM Command Injection Spectrum Protect Plus
NVD
CVSS 3.1
9.8
EPSS
13.4%
CVE-2020-4406 MEDIUM This Month

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Microsoft Spectrum Protect Client Spectrum Protect For Space Management
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-4216 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Spectrum Protect Plus
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-4251 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Api Connect
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4380 MEDIUM This Month

IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Workload Scheduler
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4436 HIGH This Week

Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Aspera Application Platform On Demand Aspera Faspex On Demand +8
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-4435 HIGH This Week

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption Aspera Application Platform On Demand +9
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-4434 HIGH This Week

Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Aspera Application Platform On Demand Aspera Faspex On Demand +8
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-4433 HIGH This Week

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Aspera Application Platform On Demand Aspera Faspex On Demand +8
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2020-4432 HIGH This Week

Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Command Injection Aspera Application Platform On Demand Aspera Faspex On Demand Aspera High Speed Transfer Endpoint +7
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-9412 CRITICAL Act Now

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Managed File Transfer Platform Server
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-9411 CRITICAL Act Now

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Managed File Transfer Platform Server
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-4529 HIGH PATCH This Week

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Maximo Asset Management
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2020-4450 CRITICAL PATCH Act Now

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE IBM Deserialization Websphere Application Server
NVD
CVSS 3.1
9.8
EPSS
33.9%
CVE-2020-4449 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Deserialization Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-4448 CRITICAL PATCH Act Now

IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE IBM Deserialization Websphere Application Server Websphere Virtual Enterprise
NVD
CVSS 3.1
9.8
EPSS
12.2%
CVE-2020-4229 HIGH PATCH This Week

IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Session Fixation Authentication Bypass Mobile Foundation
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2020-4509 HIGH This Week

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.6
EPSS
1.5%
CVE-2020-4193 CRITICAL Act Now

IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-4191 MEDIUM This Month

IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-4183 MEDIUM This Month

IBM Security Guardium 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4307 MEDIUM PATCH This Month

IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service IBM Security Guardium
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-4190 MEDIUM PATCH This Month

IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-4187 MEDIUM PATCH This Month

IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4182 MEDIUM PATCH This Month

IBM Security Guardium 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4180 HIGH PATCH This Week

IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Security Guardium
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-4177 CRITICAL PATCH Act Now

IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-4503 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-4431 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4367 HIGH PATCH This Week

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Planning Analytics Local
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4366 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4360 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-4490 MEDIUM This Month

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-4352 HIGH This Week

IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation IBM Mq For Hpe Nonstop
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-4306 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4248 LOW Monitor

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
2.7
EPSS
1.0%
CVE-2020-4419 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4249 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Identity Governance And Intelligence
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4246 HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Security Identity Governance And Intelligence
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2020-4245 HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Brute Force Security Identity Governance And Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-4244 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4233 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-4232 HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-4231 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Identity Governance And Intelligence
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-4379 HIGH PATCH This Week

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4378 MEDIUM PATCH This Month

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Spectrum Scale
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-4358 MEDIUM PATCH This Month

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Scale
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4357 MEDIUM PATCH This Month

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-4350 HIGH PATCH This Week

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4349 HIGH PATCH This Week

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4348 MEDIUM PATCH This Month

IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Spectrum Scale
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-4226 HIGH PATCH This Week

IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Mobilefirst Platform Foundation
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-4461 MEDIUM This Month

IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Access Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4412 MEDIUM This Month

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Scale
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-4411 HIGH This Week

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Scale
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-4298 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4286 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-4345 LOW Monitor

IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM SQLi
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-4468 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4467 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4422 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4365 MEDIUM This Month

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Information Disclosure Websphere Application Server
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-4343 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4299 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-4288 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4287 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4285 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4266 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4265 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2020-4264 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4263 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4262 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4261 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4259 MEDIUM This Month

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Sterling File Gateway
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-4258 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4257 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4312 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-4346 MEDIUM PATCH This Month

IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4195 MEDIUM PATCH This Month

IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Api Connect
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4430 MEDIUM KEV PATCH THREAT This Month

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Data Risk Manager
NVD
CVSS 3.1
4.3
EPSS
68.5%
CVE-2020-4429 CRITICAL POC PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

RCE IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
9.8
EPSS
71.4%
CVE-2020-4428 CRITICAL POC KEV PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Data Risk Manager
NVD
CVSS 3.1
9.1
EPSS
61.7%
CVE-2020-4427 CRITICAL POC KEV PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
9.8
EPSS
70.0%
CVE-2020-4446 MEDIUM This Month

IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-4421 MEDIUM This Month

IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4384 MEDIUM This Month

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server On Cloud Infosphere Qualitystage
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4209 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Spectrum Protect Plus
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-4329 MEDIUM This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-4267 MEDIUM This Month

IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Mq Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
1.3%
EPSS 2% CVSS 8.0
HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM +1
NVD
EPSS 13% CVSS 9.8
CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE IBM Command Injection +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Microsoft +2
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Spectrum Protect Plus
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Api Connect
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Workload Scheduler
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM +10
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM +11
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM +10
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM +10
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Command Injection Aspera Application Platform On Demand +9
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Managed File Transfer Platform Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Managed File Transfer Platform Server
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Maximo Asset Management
NVD
EPSS 34% CVSS 9.8
CRITICAL PATCH Act Now

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE IBM Deserialization +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Deserialization Websphere Application Server
NVD
EPSS 12% CVSS 9.8
CRITICAL PATCH Act Now

IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE IBM Deserialization +2
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Session Fixation Authentication Bypass +1
NVD
EPSS 2% CVSS 7.6
HIGH This Week

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM Security Guardium 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service IBM Security Guardium
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Guardium
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Security Guardium 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Security Guardium
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Guardium
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Planning Analytics Local
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation IBM Mq For Hpe Nonstop
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 2.7
LOW Monitor

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Identity Governance And Intelligence
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Security Identity Governance And Intelligence
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Brute Force +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Identity Governance And Intelligence
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Spectrum Scale
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Scale
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Spectrum Scale
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Mobilefirst Platform Foundation
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Access Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Scale
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Scale
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Infosphere Information Server +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM SQLi
NVD
EPSS 3% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 3% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 3% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Information Disclosure +1
NVD
EPSS 3% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
EPSS 3% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 3% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 3% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 0% CVSS 7.3
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Sterling File Gateway
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Api Connect
NVD
EPSS 69% CVSS 4.3
MEDIUM KEV PATCH THREAT This Month

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Data Risk Manager
NVD
EPSS 71% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

RCE IBM Authentication Bypass +1
NVD
EPSS 62% CVSS 9.1
CRITICAL POC KEV PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Data Risk Manager
NVD
EPSS 70% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Data Risk Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Websphere Application Server
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server On Cloud +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Spectrum Protect Plus
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Mq +1
NVD
Prev Page 28 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy