Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2017-1554 MEDIUM PATCH This Month

IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Biginsights
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1553 MEDIUM PATCH This Month

IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Biginsights
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1552 MEDIUM PATCH This Month

IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Biginsights
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1340 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
5.0
EPSS
0.2%
CVE-2017-1333 MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Openpages Grc Platform
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1300 HIGH PATCH This Week

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Openpages Grc Platform
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-1290 MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Openpages Grc Platform
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1148 MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Openpages Grc Platform
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1147 MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Openpages Grc Platform
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-3048 MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Openpages Grc Platform
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1521 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Bigfix Platform
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1232 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-1230 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1228 LOW PATCH Monitor

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2017-1226 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1225 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1222 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Bigfix Platform
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-1220 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1363 MEDIUM This Month

IBM Team Concert (RTC) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1295 MEDIUM This Month

IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1241 MEDIUM This Month

An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1169 MEDIUM This Month

IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1164 MEDIUM This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1583 HIGH This Week

IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13)could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Java Information Disclosure Liberty
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-1523 HIGH This Week

IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Infosphere Master Data Management
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1375 HIGH This Week

IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storwize Unified V7000 Software
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-1212 MEDIUM This Month

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Daeja Viewone
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-1211 LOW Monitor

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. Rated low severity (CVSS 2.5). No vendor patch available.

IBM Information Disclosure Daeja Viewone
NVD
CVSS 3.0
2.5
EPSS
0.0%
CVE-2017-1210 HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Daeja Viewone
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1209 MEDIUM This Month

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Daeja Viewone
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3049 MEDIUM This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Openpages Grc Platform
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1538 MEDIUM This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-1503 MEDIUM This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1522 MEDIUM This Month

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1378 HIGH PATCH This Week

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM VMware Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-1339 MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2017-1301 MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1201 HIGH This Week

IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Security Compliance Analytics
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-8937 CRITICAL PATCH Act Now

The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Tivoli Storage Manager
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-1541 HIGH This Week

A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Aix
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2017-1126 MEDIUM PATCH This Month

IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Integration Bus Websphere Message Broker
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1569 HIGH This Week

IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Commerce
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-1429 MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1369 MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1364 MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1359 MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1345 MEDIUM This Month

IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Insights Foundation For Energy
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1335 MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1334 MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1324 MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1311 HIGH This Week

IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Insights Foundation For Energy
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-1591 MEDIUM PATCH This Month

IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Datapower Gateway
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1577 HIGH PATCH This Week

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Websphere Portal
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2017-1483 HIGH PATCH This Week

IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

IBM Authentication Bypass Security Identity Governance And Intelligence Security Identity Manager Security Privileged Identity Manager
NVD
CVSS 3.0
8.6
EPSS
0.5%
CVE-2017-1407 HIGH PATCH This Week

IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Security Identity Governance And Intelligence Security Identity Manager Security Privileged Identity Manager
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2017-1539 HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-1531 MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1530 MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1527 HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Business Process Manager
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2017-1425 MEDIUM This Month

IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1555 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1551 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1424 MEDIUM This Month

IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1362 HIGH PATCH This Week

IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-1346 LOW PATCH Monitor

IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. Rated low severity (CVSS 2.5). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Business Process Manager
NVD
CVSS 3.0
2.5
EPSS
0.0%
CVE-2017-1235 MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2015-0162 HIGH This Week

IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. Rated high severity (CVSS 7.0). No vendor patch available.

IBM Privilege Escalation Security Siteprotector System
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2014-6191 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2014-6106 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS CSRF IBM Security Identity Manager
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-0110 MEDIUM This Month

IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager Websphere Application Server
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-1556 MEDIUM This Month

IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-1508 MEDIUM This Month

IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Informix Dynamic Server
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2017-1520 LOW PATCH Monitor

IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Db2 Db2 Connect
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2017-1519 MEDIUM PATCH This Month

IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service IBM Db2 Db2 Connect
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2017-1452 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft IBM Information Disclosure Db2 Db2 Connect
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1451 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft IBM Information Disclosure Db2 Db2 Connect
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1439 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft IBM Information Disclosure Db2 Db2 Connect
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-1438 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft IBM Information Disclosure Db2 Db2 Connect
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-1434 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft IBM Information Disclosure Db2 Db2 Connect
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-1352 MEDIUM This Month

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Maximo Asset Management
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-1162 HIGH PATCH This Week

IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2014-9565 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Ib6131 Firmware En6131 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-1502 MEDIUM This Month

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1189 MEDIUM This Month

IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1098 MEDIUM This Month

IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Supplier Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1491 HIGH This Week

IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Network Security
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-1458 HIGH This Week

IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Qradar Network Security
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2017-1457 MEDIUM This Month

IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Qradar Network Security
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1130 MEDIUM POC PATCH THREAT This Month

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 65.5%.

Denial Of Service IBM Inotes
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
65.5%
Threat
4.8
CVE-2017-1129 MEDIUM POC PATCH THREAT This Month

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.5%.

Denial Of Service IBM Inotes Expeditor
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
68.5%
Threat
4.9
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Biginsights
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Biginsights
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Biginsights
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Jazz Reporting Service
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Openpages Grc Platform
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Openpages Grc Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Openpages Grc Platform
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Openpages Grc Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Openpages Grc Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Openpages Grc Platform
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Bigfix Platform
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Bigfix Platform
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Bigfix Platform
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Team Concert (RTC) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13)could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Java Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Infosphere Master Data Management
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storwize Unified V7000 Software
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Daeja Viewone
NVD
EPSS 0% CVSS 2.5
LOW Monitor

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. Rated low severity (CVSS 2.5). No vendor patch available.

IBM Information Disclosure Daeja Viewone
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Daeja Viewone
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Daeja Viewone
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Openpages Grc Platform
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Financial Transaction Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Websphere Application Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM VMware Information Disclosure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service IBM Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Tivoli Storage Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Security Compliance Analytics
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Tivoli Storage Manager
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Aix
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Integration Bus +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Commerce
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Insights Foundation For Energy
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Insights Foundation For Energy
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Datapower Gateway
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Websphere Portal
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

IBM Authentication Bypass Security Identity Governance And Intelligence +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Security Identity Governance And Intelligence +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Business Process Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Api Connect
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Identity Manager
NVD
EPSS 0% CVSS 2.5
LOW PATCH Monitor

IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. Rated low severity (CVSS 2.5). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Business Process Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Websphere Mq
NVD
EPSS 0% CVSS 7.0
HIGH This Week

IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. Rated high severity (CVSS 7.0). No vendor patch available.

IBM Privilege Escalation Security Siteprotector System
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Curam Social Program Management
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS CSRF IBM +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Informix Dynamic Server
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Db2 +1
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service IBM Db2 +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft IBM Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft IBM Information Disclosure +2
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft IBM Information Disclosure +2
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft IBM Information Disclosure +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft IBM Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Maximo Asset Management
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Ib6131 Firmware +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Websphere Portal
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Supplier Lifecycle Management
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Network Security
NVD
EPSS 1% CVSS 8.1
HIGH This Week

IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Qradar Network Security
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Qradar Network Security
NVD
EPSS 65% 4.8 CVSS 6.5
MEDIUM POC PATCH THREAT This Month

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 65.5%.

Denial Of Service IBM Inotes
NVD Exploit-DB
EPSS 69% 4.9 CVSS 6.5
MEDIUM POC PATCH THREAT This Month

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.5%.

Denial Of Service IBM Inotes +1
NVD Exploit-DB
Prev Page 38 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy