Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2019-4477 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Websphere Application Server
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-4442 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2019-4342 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-4271 LOW PATCH Monitor

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
3.5
EPSS
0.8%
CVE-2019-4270 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4268 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2019-4183 HIGH PATCH This Week

IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service IBM Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2019-4175 HIGH PATCH This Week

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cognos Controller
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-4171 LOW PATCH Monitor

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Cognos Controller
NVD
CVSS 3.1
3.7
EPSS
0.6%
CVE-2019-4086 MEDIUM PATCH This Month

IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Application Performance Management
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-4147 HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Sterling File Gateway
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2019-4321 HIGH This Week

IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force IBM Information Disclosure Intelligent Operations Center Intelligent Operations Center For Emergency Management +1
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-4186 MEDIUM This Month

IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Jazz For Service Management
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-4149 MEDIUM This Month

IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4536 MEDIUM PATCH This Month

IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect. Rated medium severity (CVSS 6.3). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2019-4133 MEDIUM This Month

IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Automation Manager
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2019-4132 LOW Monitor

IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Automation Manager
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2019-10391 Maven MEDIUM PATCH This Month

Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Jenkins Information Disclosure Ibm Application Security On Cloud
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-4513 HIGH This Week

IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Security Access Manager For Enterprise Single Sign On
NVD
CVSS 3.1
8.2
EPSS
2.8%
CVE-2019-4448 HIGH PATCH This Week

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM RCE Db2 High Performance Unload Load
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-4447 HIGH PATCH This Week

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service IBM Db2 High Performance Unload Load
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-4169 CRITICAL Act Now

IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Open Power
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2019-4482 MEDIUM This Month

IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Spend Analysis
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4437 MEDIUM This Month

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-4424 HIGH This Week

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
8.2
EPSS
2.4%
CVE-2019-4340 HIGH This Week

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Security Guardium Big Data Intelligence
NVD
CVSS 3.1
8.2
EPSS
2.4%
CVE-2019-4338 HIGH This Week

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Security Guardium Big Data Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-4167 MEDIUM This Month

IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Storediq
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-4120 MEDIUM This Month

IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cloud Private
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4485 MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management Emptoris Sourcing Emptoris Spend Analysis
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-4484 MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management Emptoris Sourcing Emptoris Spend Analysis
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-4483 CRITICAL Act Now

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Emptoris Contract Management Emptoris Spend Analysis
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-4481 CRITICAL Act Now

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Emptoris Contract Management Emptoris Spend Analysis
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-4460 HIGH This Week

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Api Connect
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-4433 HIGH This Week

IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Infosphere Global Name Management Infosphere Identity Insight
NVD
CVSS 3.1
8.2
EPSS
3.9%
CVE-2019-4425 MEDIUM This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.7
EPSS
1.2%
CVE-2019-4420 MEDIUM This Month

IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Intelligent Operations Center Intelligent Operations Center For Emergency Management Water Operations For Waternamics
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2019-4419 HIGH This Week

IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Intelligent Operations Center Intelligent Operations Center For Emergency Management Water Operations For Waternamics
NVD
CVSS 3.1
8.2
EPSS
2.4%
CVE-2019-4402 HIGH PATCH This Week

IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Api Connect
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-4310 HIGH This Week

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-4308 MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management Emptoris Sourcing Emptoris Spend Analysis
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-4294 HIGH This Week

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Command Injection Datapower Gateway Mq Appliance
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-4253 HIGH This Week

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Informix Dynamic Server
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-4117 HIGH This Week

IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Cloud Private
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-4049 MEDIUM PATCH This Month

IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service IBM Mq
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-6159 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Bladecenter Hs22 Firmware Bladecenter Hs22V Firmware Bladecenter Hx5 Firmware +12
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-4473 HIGH This Week

Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Java IBM
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-4284 MEDIUM This Month

IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-4261 MEDIUM PATCH This Month

IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Mq Websphere Mq
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2019-4275 MEDIUM This Month

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Jazz For Service Management
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-4165 HIGH PATCH This Week

IBM StoreIQ 7.6.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Storediq
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-4163 MEDIUM This Month

IBM StoreIQ 7.6.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Storediq
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-4456 HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Daeja Viewone
NVD
CVSS 3.1
7.1
EPSS
1.9%
CVE-2019-4285 MEDIUM PATCH This Month

IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-4062 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM I2 Intelligent Analysis Platform
NVD
CVSS 3.1
7.1
EPSS
1.6%
CVE-2019-4439 MEDIUM PATCH This Month

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Session Fixation IBM Information Disclosure Cloud Private
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2019-4415 HIGH This Week

IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-4212 HIGH This Week

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Qradar Security Information And Event Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-4116 MEDIUM This Month

IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-4267 HIGH PATCH This Week

The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow IBM RCE Spectrum Protect
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-4236 MEDIUM PATCH This Month

A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

HP IBM Information Disclosure Spectrum Protect
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-4430 HIGH PATCH This Week

IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Maximo Asset Management
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-4211 MEDIUM PATCH This Month

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4194 MEDIUM This Month

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz For Service Management
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2019-4054 LOW PATCH Monitor

IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-4263 MEDIUM This Month

IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Content Navigator
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-4193 HIGH PATCH This Week

IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Jazz For Service Management
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-4131 MEDIUM PATCH This Month

IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Application Performance Management
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-4118 MEDIUM PATCH This Month

IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Multicloud Manager
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-4292 HIGH PATCH This Week

IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE Security Guardium
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-4260 MEDIUM PATCH This Month

IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Daeja Viewone
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2019-4140 HIGH PATCH This Week

IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Spectrum Protect
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2019-4134 MEDIUM This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Planning Analytics
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-4129 MEDIUM This Month

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Operations Center
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-4088 HIGH This Week

IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Operations Center
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-4087 CRITICAL Act Now

IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow IBM RCE Memory Corruption Spectrum Protect Operations Center
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2019-4410 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-4386 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-4383 MEDIUM PATCH This Month

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation IBM Oracle Spectrum Protect Plus
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-4357 MEDIUM This Month

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Oracle Spectrum Protect Plus
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-4337 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-4336 CRITICAL PATCH Act Now

IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-4322 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow IBM Microsoft RCE Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-4299 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-4298 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

PostgreSQL IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2019-4297 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Authentication Bypass IBM LDAP Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-4296 LOW PATCH Monitor

IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-4295 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Hashicorp Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2019-4237 MEDIUM This Month

A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server Infosphere Information Governance Catalog Infosphere Information Server On Cloud
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4154 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow IBM Microsoft RCE Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Websphere Application Server
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics +1
NVD
EPSS 1% CVSS 3.5
LOW PATCH Monitor

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service IBM Cognos Analytics +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cognos Controller
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Cognos Controller
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Application Performance Management
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Sterling File Gateway
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force IBM Information Disclosure +3
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Jazz For Service Management
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Automation Workflow +1
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect. Rated medium severity (CVSS 6.3). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Automation Manager
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Automation Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Jenkins Information Disclosure +1
NVD
EPSS 3% CVSS 8.2
HIGH This Week

IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Security Access Manager For Enterprise Single Sign On
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service IBM Db2 High Performance Unload Load
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Open Power
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Spend Analysis
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
EPSS 2% CVSS 8.2
HIGH This Week

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Business Automation Workflow +1
NVD
EPSS 2% CVSS 8.2
HIGH This Week

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Security Guardium Big Data Intelligence
NVD
EPSS 2% CVSS 7.5
HIGH This Week

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Security Guardium Big Data Intelligence
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Storediq
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cloud Private
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Emptoris Contract Management +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Emptoris Contract Management +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Api Connect
NVD
EPSS 4% CVSS 8.2
HIGH This Week

IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Infosphere Global Name Management +1
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Intelligent Operations Center +2
NVD
EPSS 2% CVSS 8.2
HIGH This Week

IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Intelligent Operations Center +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Api Connect
NVD
EPSS 2% CVSS 7.5
HIGH This Week

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Command Injection Datapower Gateway +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Informix Dynamic Server
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Cloud Private
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service IBM Mq
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Bladecenter Hs22 Firmware +14
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Java IBM
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Mq +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Jazz For Service Management
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM StoreIQ 7.6.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Storediq
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM StoreIQ 7.6.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Storediq
NVD
EPSS 2% CVSS 7.1
HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Daeja Viewone
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Websphere Application Server
NVD
EPSS 2% CVSS 7.1
HIGH This Week

IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM I2 Intelligent Analysis Platform
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Session Fixation IBM Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow IBM RCE +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

HP IBM Information Disclosure +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Maximo Asset Management
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz For Service Management
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Content Navigator
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Jazz For Service Management
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Application Performance Management
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Multicloud Manager
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Daeja Viewone
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Spectrum Protect
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Planning Analytics
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Operations Center
NVD
EPSS 1% CVSS 7.8
HIGH This Week

IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Operations Center
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow IBM RCE +2
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow +1
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Microsoft +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation IBM Oracle +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Oracle +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass IBM Robotic Process Automation With Automation Anywhere
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow IBM Microsoft +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

PostgreSQL IBM Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Authentication Bypass IBM +2
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Hashicorp +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow IBM Microsoft +2
NVD
Prev Page 31 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy