Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2018-1399 MEDIUM PATCH This Month

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Daeja Viewone
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-1372 CRITICAL Act Now

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Brute Force Security Guardium Big Data Intelligence
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-1377 HIGH This Week

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1417 HIGH This Week

Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java IBM Information Disclosure Java Sdk
NVD
CVSS 3.0
8.1
EPSS
2.2%
CVE-2018-1415 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1414 HIGH PATCH This Week

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-1392 LOW PATCH Monitor

IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
3.1
EPSS
0.6%
CVE-2018-1391 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Financial Transaction Manager
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-1411 HIGH This Week

IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Notes Client Application Access
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1410 HIGH This Week

IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Notes Client Application Access
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1409 HIGH This Week

IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Notes Client Application Access
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1383 CRITICAL Act Now

A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aix
NVD
CVSS 3.0
9.1
EPSS
2.7%
CVE-2018-1401 MEDIUM PATCH This Month

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-1368 MEDIUM PATCH This Month

IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing,. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Security Guardium Database Activity Monitor
NVD
CVSS 3.0
4.4
EPSS
0.3%
CVE-2018-1388 HIGH This Week

GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-1382 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Api Connect
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1366 HIGH PATCH This Week

IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Code Injection IBM Content Navigator
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-1364 HIGH This Week

IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Content Navigator
NVD
CVSS 3.0
8.2
EPSS
2.4%
CVE-2018-1362 MEDIUM This Month

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.0
5.0
EPSS
0.6%
CVE-2018-1361 MEDIUM PATCH This Month

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-1698 MEDIUM This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Portal
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-1365 MEDIUM This Month

IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management Rational Quality Manager Rational Team Concert +4
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1191 MEDIUM This Month

An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Quality Manager Rational Team Concert +4
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-1757 HIGH This Week

IBM Security Guardium 10.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Security Guardium
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-1751 MEDIUM This Month

IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1746 HIGH PATCH This Week

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Jazz For Service Management
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1696 HIGH PATCH This Week

IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.8
EPSS
4.0%
CVE-2017-1694 HIGH This Week

IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Integration Bus
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2017-1631 HIGH PATCH This Week

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Jazz For Service Management
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1600 MEDIUM This Month

IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1598 HIGH This Week

IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-1596 MEDIUM This Month

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1595 MEDIUM This Month

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1494 MEDIUM This Month

IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1423 MEDIUM This Month

IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Portal
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1270 LOW Monitor

IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Session Fixation IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2017-1266 MEDIUM This Month

IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-1262 MEDIUM This Month

IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1261 LOW Monitor

IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2017-1257 MEDIUM This Month

IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1716 LOW Monitor

IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Tivoli Workload Scheduler
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2017-1635 HIGH Act Now

IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Epss exploitation probability 18.2% and no vendor patch available.

Memory Corruption IBM Use After Free RCE Tivoli Monitoring
NVD
CVSS 3.0
8.0
EPSS
18.2%
CVE-2017-1558 MEDIUM This Month

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1546 MEDIUM This Month

IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1421 MEDIUM This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1760 HIGH This Week

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
7.1
EPSS
0.0%
CVE-2017-1683 MEDIUM This Month

IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections Engagement Center
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1632 MEDIUM This Month

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling File Gateway
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1613 MEDIUM This Month

IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Information Disclosure Connections
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-1606 HIGH This Week

IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Financial Transaction Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-1550 MEDIUM This Month

IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-1549 MEDIUM This Month

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling File Gateway
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1548 MEDIUM This Month

IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM Sterling File Gateway
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2017-1536 MEDIUM This Month

IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Websphere Portal
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1507 MEDIUM This Month

IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager Rational Team Concert Rational Doors Next Generation +4
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-1498 MEDIUM This Month

IBM Connections 5.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1497 LOW Monitor

IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2017-1487 MEDIUM This Month

IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-1482 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1481 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1465 MEDIUM This Month

IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Tririga Application Platform
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-1433 MEDIUM This Month

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-1356 HIGH This Week

IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Atlas Ediscovery Process Management
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-1355 LOW Monitor

IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Atlas Ediscovery Process Management
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2017-1354 MEDIUM This Month

IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Atlas Ediscovery Process Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1353 LOW Monitor

IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Atlas Ediscovery Process Management
NVD
CVSS 3.0
3.5
EPSS
0.1%
CVE-2017-1342 MEDIUM This Month

IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Insights Foundation For Energy
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-1341 LOW Monitor

IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Websphere Mq
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2017-1336 MEDIUM This Month

IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection IBM Infosphere Biginsights
NVD
CVSS 3.0
4.4
EPSS
0.2%
CVE-2017-1271 HIGH This Week

IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-1689 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1688 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1678 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1650 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1628 MEDIUM This Month

IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-1607 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1593 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1570 MEDIUM This Month

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager Rational Team Concert Rational Doors Next Generation +4
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1560 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1484 MEDIUM This Month

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Commerce
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1461 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1283 MEDIUM This Month

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-1251 MEDIUM This Month

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager Rational Team Concert Rational Doors Next Generation +4
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-1240 MEDIUM This Month

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager Rational Team Concert Rational Doors Next Generation +4
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-6024 MEDIUM This Month

IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager Rational Team Concert Rational Doors Next Generation +4
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-1710 CRITICAL Act Now

A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Storwize V7000 Firmware Storwize V5000 Firmware Flashsystem V9000 Firmware +1
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2017-1477 HIGH This Week

IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Security Access Manager 9 0 Firmware
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2017-1453 HIGH This Week

IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Access Manager 9 0 Firmware
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2017-1229 MEDIUM This Month

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-1221 CRITICAL Act Now

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
9.8
EPSS
0.3%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Daeja Viewone
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Brute Force +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
EPSS 2% CVSS 8.1
HIGH This Week

Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java IBM Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Maximo Asset Management +1
NVD
EPSS 1% CVSS 3.1
LOW PATCH Monitor

IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Financial Transaction Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Notes +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Notes +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Notes +1
NVD
EPSS 3% CVSS 9.1
CRITICAL Act Now

A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aix
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing,. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Security Guardium Database Activity Monitor
NVD
EPSS 2% CVSS 7.5
HIGH This Week

GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Api Connect
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Code Injection IBM Content Navigator
NVD
EPSS 2% CVSS 8.2
HIGH This Week

IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Content Navigator
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Curam Social Program Management
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Portal
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management +6
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Security Guardium 10.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Security Guardium
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Jazz For Service Management
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 8.1
HIGH This Week

IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Integration Bus
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Portal
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Session Fixation IBM Information Disclosure +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Tivoli Workload Scheduler
NVD
EPSS 18% CVSS 8.0
HIGH Act Now

IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Epss exploitation probability 18.2% and no vendor patch available.

Memory Corruption IBM Use After Free +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Maximo Asset Management +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Doors Next Generation +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Inotes
NVD
EPSS 0% CVSS 7.1
HIGH This Week

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Mq
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections Engagement Center
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling File Gateway
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Financial Transaction Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling File Gateway
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM Sterling File Gateway
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Websphere Portal
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager +6
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Connections 5.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections
NVD
EPSS 0% CVSS 3.7
LOW Monitor

IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Tririga Application Platform
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Atlas Ediscovery Process Management
NVD
EPSS 0% CVSS 3.7
LOW Monitor

IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Atlas Ediscovery Process Management
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Atlas Ediscovery Process Management
NVD
EPSS 0% CVSS 3.5
LOW Monitor

IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Atlas Ediscovery Process Management
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Insights Foundation For Energy
NVD
EPSS 0% CVSS 3.7
LOW Monitor

IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Websphere Mq
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection IBM +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager +6
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Commerce
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager +6
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager +6
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager +6
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Storwize V7000 Firmware +3
NVD
EPSS 1% CVSS 8.1
HIGH This Week

IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Security Access Manager 9 0 Firmware
NVD
EPSS 5% CVSS 8.8
HIGH This Week

IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Access Manager 9 0 Firmware
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Bigfix Platform
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force IBM Information Disclosure +1
NVD
Prev Page 37 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy