Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2018-1522 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1509 HIGH This Week

IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-1498 HIGH This Week

IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1440 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1439 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1405 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1404 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1403 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1395 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1672 MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Websphere Portal
NVD
CVSS 3.0
6.3
EPSS
1.2%
CVE-2018-1420 MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Websphere Portal
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1704 MEDIUM This Month

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Open Redirect Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1702 HIGH This Week

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1820 MEDIUM PATCH This Month

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1736 MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-1716 MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-1660 MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-1785 HIGH This Week

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Client Spectrum Protect For Virtual Environments
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2018-1768 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1683 HIGH This Week

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-1610 MEDIUM This Month

IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1550 MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Denial Of Service Tivoli Storage Manager Tivoli Storage Manager For Space Management +1
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-1545 HIGH This Week

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Client Spectrum Protect For Virtual Environments
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2018-1669 HIGH PATCH This Week

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Datapower Gateway
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1664 HIGH This Week

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Datapower Gateway
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1659 MEDIUM This Month

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1607 HIGH This Week

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1588 HIGH This Week

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1560 MEDIUM This Month

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1539 MEDIUM This Month

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1711 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1710 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Buffer Overflow RCE Db2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1685 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1800 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring. Rated medium severity (CVSS 4.7). No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2018-1674 HIGH This Week

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-1782 MEDIUM This Month

IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap,. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2018-1791 MEDIUM This Month

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-1719 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
5.9
EPSS
2.4%
CVE-2018-1698 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-1773 MEDIUM PATCH This Month

IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Datacap
NVD
CVSS 3.0
4.3
EPSS
1.4%
CVE-2018-1571 HIGH PATCH This Week

IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-1789 CRITICAL PATCH Act Now

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Api Connect
NVD
CVSS 3.0
9.9
EPSS
1.2%
CVE-2018-1757 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass IBM Security Identity Governance And Intelligence
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-1756 HIGH POC PATCH THREAT This Week

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi IBM Security Identity Governance And Intelligence
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
10.6%
CVE-2018-1567 CRITICAL PATCH Act Now

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Java Deserialization Websphere Application Server
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-1695 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass IBM Websphere Application Server
NVD
CVSS 3.0
5.6
EPSS
2.2%
CVE-2018-1705 MEDIUM This Month

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1644 MEDIUM This Month

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Commerce
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2018-1755 MEDIUM PATCH This Month

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
5.9
EPSS
3.5%
CVE-2018-1722 CRITICAL Act Now

IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM RCE Security Access Manager
NVD
CVSS 3.0
10.0
EPSS
9.0%
CVE-2018-1699 HIGH PATCH This Week

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Maximo Asset Management
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-1599 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-1656 MEDIUM PATCH This Month

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java IBM Path Traversal Sdk Satellite +4
NVD
CVSS 3.0
6.5
EPSS
4.5%
CVE-2018-1517 HIGH This Week

A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java IBM Information Disclosure Software Development Kit Satellite +3
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2018-1394 MEDIUM This Month

Multiple IBM Rational products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Doors Next Generation Rational Engineering Lifecycle Manager Rational Quality Manager +3
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1712 CRITICAL Act Now

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM SSRF Api Connect
NVD
CVSS 3.0
9.9
EPSS
0.7%
CVE-2018-1715 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1455 HIGH This Week

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Tivoli Application Dependency Discovery Manager
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-12539 HIGH PATCH This Week

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Microsoft IBM Information Disclosure Openj9 +1
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1690 MEDIUM PATCH This Month

IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rhapsody Model Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1551 HIGH This Week

IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-1528 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management Maximo For Aviation Maximo For Life Sciences +5
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-1422 MEDIUM PATCH This Month

IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5) are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1524 HIGH PATCH This Week

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Maximo Asset Management Maximo For Aviation Maximo For Life Sciences +5
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-1554 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1595 HIGH This Week

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-1718 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-1638 HIGH This Week

IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Api Connect
NVD
CVSS 3.0
8.1
EPSS
1.8%
CVE-2018-9068 HIGH This Week

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass IBM Flex System X240 M4 Firmware Flex System X240 M5 Firmware +35
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-1513 MEDIUM POC This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS IBM Sterling B2b Integrator
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
2.9%
CVE-2018-1503 MEDIUM This Month

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
4.3
EPSS
2.0%
CVE-2018-1679 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow an unauthenticated user to obtain sensitive information that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-1564 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-1563 MEDIUM POC PATCH This Month

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS IBM Sterling B2b Integrator Sterling File Gateway
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
2.8%
CVE-2018-1470 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.0
4.3
EPSS
1.8%
CVE-2018-1398 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.0
5.3
EPSS
2.4%
CVE-2018-1587 MEDIUM PATCH This Month

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Rhapsody Design Manager Rational Software Architect Design Manager
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-1585 MEDIUM PATCH This Month

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Rhapsody Design Manager Rational Software Architect Design Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1536 MEDIUM PATCH This Month

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Rhapsody Design Manager Rational Software Architect Design Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1535 MEDIUM PATCH This Month

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Rhapsody Design Manager Rational Software Architect Design Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1529 MEDIUM PATCH This Month

IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Requirements Composer Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1612 MEDIUM POC PATCH THREAT This Month

IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD Exploit-DB
CVSS 3.0
5.8
EPSS
57.0%
CVE-2018-1566 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM RCE Db2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1549 MEDIUM PATCH This Month

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-1523 MEDIUM PATCH This Month

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1492 MEDIUM This Month

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Session Fixation IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Team Concert +5
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-1487 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1458 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM RCE Db2
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-1423 MEDIUM This Month

IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Team Concert Rational Doors Next Generation +4
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-1396 MEDIUM PATCH This Month

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.6%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 7.4
HIGH This Week

IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Websphere Portal
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Websphere Portal
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Open Redirect Platform Symphony +1
NVD
EPSS 2% CVSS 7.1
HIGH This Week

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Platform Symphony +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Websphere Portal
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Client +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
EPSS 2% CVSS 7.5
HIGH This Week

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Doors Next Generation
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Denial Of Service +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Client +1
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Datapower Gateway
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Datapower Gateway
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
EPSS 2% CVSS 7.1
HIGH This Week

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
EPSS 2% CVSS 7.1
HIGH This Week

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Rational Engineering Lifecycle Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Buffer Overflow +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring. Rated medium severity (CVSS 4.7). No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 2% CVSS 8.8
HIGH This Week

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Business Automation Workflow +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap,. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Scale
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Connections
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Datacap
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 9.9
CRITICAL PATCH Act Now

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Api Connect
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass IBM Security Identity Governance And Intelligence
NVD
EPSS 11% CVSS 7.5
HIGH POC PATCH THREAT This Week

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi IBM Security Identity Governance And Intelligence
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Java Deserialization +1
NVD
EPSS 2% CVSS 5.6
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass IBM Websphere Application Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Platform Symphony +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Commerce
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java IBM Information Disclosure +1
NVD
EPSS 9% CVSS 10.0
CRITICAL Act Now

IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM RCE Security Access Manager
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Maximo Asset Management
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Api Connect
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java IBM Path Traversal +6
NVD
EPSS 4% CVSS 7.5
HIGH This Week

A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java IBM Information Disclosure +5
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Multiple IBM Rational products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Doors Next Generation +5
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM SSRF +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Tivoli Application Dependency Discovery Manager
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Microsoft IBM +3
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rhapsody Model Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management +7
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5) are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Maximo Asset Management +7
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
EPSS 2% CVSS 8.8
HIGH This Week

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Platform Symphony +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
EPSS 2% CVSS 8.1
HIGH This Week

IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Api Connect
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass IBM +37
NVD
EPSS 3% CVSS 5.4
MEDIUM POC This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS IBM Sterling B2b Integrator
NVD Exploit-DB
EPSS 2% CVSS 4.3
MEDIUM This Month

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow an unauthenticated user to obtain sensitive information that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 3% CVSS 5.4
MEDIUM POC PATCH This Month

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS IBM Sterling B2b Integrator +1
NVD Exploit-DB
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling File Gateway
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling File Gateway
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Rhapsody Design Manager +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Rhapsody Design Manager +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Rhapsody Design Manager +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Rhapsody Design Manager +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Requirements Composer +1
NVD
EPSS 57% CVSS 5.8
MEDIUM POC PATCH THREAT This Month

IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM RCE +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Session Fixation IBM Information Disclosure +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM RCE +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management +6
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
Prev Page 35 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy