Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2018-1648 HIGH PATCH This Week

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Incident Forensics
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-1568 LOW PATCH Monitor

IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Incident Forensics
NVD
CVSS 3.0
3.3
EPSS
0.4%
CVE-2018-1840 HIGH PATCH This Week

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
8.1
EPSS
2.1%
CVE-2018-1928 MEDIUM This Month

IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Storediq
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-1927 HIGH This Week

IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Storediq
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-1897 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

IBM Buffer Overflow Microsoft RCE Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-1762 MEDIUM This Month

IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management Rational Doors Next Generation Rational Engineering Lifecycle Manager +4
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1584 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1905 HIGH This Week

IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Websphere Application Server
NVD
CVSS 3.0
7.1
EPSS
2.5%
CVE-2018-1843 MEDIUM PATCH This Month

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. Rated medium severity (CVSS 4.1). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft IBM Information Disclosure Cloud Private
NVD
CVSS 3.0
4.1
EPSS
0.3%
CVE-2018-1779 HIGH PATCH This Week

IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

IBM Denial Of Service Api Connect
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-1841 MEDIUM This Month

IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1797 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server
NVD
CVSS 3.0
5.5
EPSS
2.0%
CVE-2018-1639 MEDIUM This Month

The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-9085 MEDIUM This Month

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Intel Privilege Escalation IBM Flex System X240 M4 Firmware +25
NVD
CVSS 3.0
4.9
EPSS
0.7%
CVE-2018-1643 MEDIUM PATCH This Month

The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-1808 HIGH This Week

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection RCE Websphere Commerce
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-1792 HIGH This Week

IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Code Injection RCE Websphere Mq
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1884 HIGH This Week

IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Case Manager
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-1798 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-1786 HIGH PATCH This Week

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

IBM Denial Of Service Spectrum Protect Tivoli Storage Manager Spectrum Protect Manager For Virtual Environments Data Protection For Vmware +3
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-1872 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1857 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-1842 LOW PATCH Monitor

IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. Rated low severity (CVSS 3.6).

IBM Authentication Bypass Jwt Attack Cognos Analytics Oncommand Insight
NVD
CVSS 3.0
3.6
EPSS
0.3%
CVE-2018-1834 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft IBM Db2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1802 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1799 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1781 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1780 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1774 HIGH This Week

IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Api Connect
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-1684 MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1694 MEDIUM PATCH This Month

IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Doors Next Generation Rational Engineering Lifecycle Manager +4
NVD
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-1606 MEDIUM PATCH This Month

IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Doors Next Generation Rational Engineering Lifecycle Manager +4
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-1878 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-1877 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-1876 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1846 HIGH This Week

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1835 HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Daeja Viewone
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1788 MEDIUM PATCH This Month

IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Server
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2018-1552 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-1851 CRITICAL PATCH Act Now

IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Deserialization RCE Websphere Application Server
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-1767 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-1766 MEDIUM PATCH This Month

IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Team Concert
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1380 MEDIUM This Month

IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Master Data Management
NVD
CVSS 3.0
4.9
EPSS
1.1%
CVE-2018-1541 MEDIUM PATCH This Month

IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Commerce
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1850 HIGH This Week

IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass IBM Security Access Manager
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-1822 CRITICAL PATCH Act Now

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Flashsystem 900 Firmware Flashsystem 840 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-1518 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-1777 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1747 HIGH PATCH This Week

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Security Key Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1744 MEDIUM PATCH This Month

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Security Key Lifecycle Manager
NVD
CVSS 3.0
6.5
EPSS
2.6%
CVE-2018-1844 HIGH PATCH This Week

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Filenet Content Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1770 MEDIUM POC PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

IBM Path Traversal Websphere Application Server
NVD
CVSS 3.0
6.5
EPSS
3.5%
CVE-2018-1534 MEDIUM PATCH This Month

IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Engineering Lifecycle Optimization Publishing
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1533 MEDIUM PATCH This Month

IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Engineering Lifecycle Optimization Publishing
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1838 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-1673 MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-1745 HIGH PATCH This Week

IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-1738 HIGH PATCH This Week

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.1%
CVE-2018-1724 MEDIUM PATCH This Month

IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Spectrum Lsf
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-1708 MEDIUM PATCH This Month

IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Platform Symphony Specturm Symphony
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-1706 MEDIUM PATCH This Month

IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Symphony
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-18202 CRITICAL POC Act Now

The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM Information Disclosure Qlogic 4 Gb Fibre Channel Expansion Card Firmware Qlogic 20 Port 4 8 Gb San Switch Module Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-1753 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-1750 HIGH PATCH This Week

IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2018-1749 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1743 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-1742 CRITICAL PATCH Act Now

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
9.3
EPSS
0.3%
CVE-2018-1741 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to cause a denial of service, compromise program logic or other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1812 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1795 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1783 MEDIUM PATCH This Month

IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-1723 MEDIUM PATCH This Month

IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1686 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1649 MEDIUM PATCH This Month

IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Qradar Incident Forensics
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-1647 HIGH PATCH This Week

IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

IBM Denial Of Service Qradar Incident Forensics
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-1819 HIGH PATCH This Week

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Financial Transaction Manager
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-1670 MEDIUM PATCH This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
4.3
EPSS
1.2%
CVE-2018-1604 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1603 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1602 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1794 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-1793 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-1692 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1691 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1605 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1601 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1593 MEDIUM This Month

IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Multi Cloud Data Encryption
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2018-1558 MEDIUM PATCH This Month

IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Collaborative Lifecycle Management Rational Doors Next Generation Rational Engineering Lifecycle Manager +4
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1557 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Incident Forensics
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Incident Forensics
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

IBM Information Disclosure Websphere Application Server
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Storediq
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Storediq
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

IBM Buffer Overflow Microsoft +3
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management +6
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
EPSS 3% CVSS 7.1
HIGH This Week

IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Websphere Application Server
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. Rated medium severity (CVSS 4.1). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft IBM Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

IBM Denial Of Service Api Connect
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Intel Privilege Escalation +27
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
EPSS 2% CVSS 8.8
HIGH This Week

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection RCE +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Code Injection RCE +1
NVD
EPSS 3% CVSS 7.8
HIGH This Week

IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Case Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

IBM Denial Of Service Spectrum Protect +5
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure +1
NVD
EPSS 0% CVSS 3.6
LOW PATCH Monitor

IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. Rated low severity (CVSS 3.6).

IBM Authentication Bypass Jwt Attack +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft IBM +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Api Connect
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Websphere Mq
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Rational Collaborative Lifecycle Management +6
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Collaborative Lifecycle Management +6
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
EPSS 2% CVSS 7.1
HIGH This Week

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
EPSS 2% CVSS 7.1
HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Daeja Viewone
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Server
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE +1
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Deserialization RCE +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Team Concert
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Master Data Management
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Commerce
NVD
EPSS 2% CVSS 7.5
HIGH This Week

IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass IBM Security Access Manager
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Flashsystem 900 Firmware +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Infosphere Information Server +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Security Key Lifecycle Manager
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Security Key Lifecycle Manager
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Filenet Content Manager
NVD
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

IBM Path Traversal Websphere Application Server
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Engineering Lifecycle Optimization Publishing
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Engineering Lifecycle Optimization Publishing
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Spectrum Lsf
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Platform Symphony +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Symphony
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM Information Disclosure Qlogic 4 Gb Fibre Channel Expansion Card Firmware +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to cause a denial of service, compromise program logic or other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Spectrum Scale
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Qradar Incident Forensics
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

IBM Denial Of Service Qradar Incident Forensics
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Financial Transaction Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Multi Cloud Data Encryption
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Collaborative Lifecycle Management +6
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
Prev Page 34 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy