Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2017-1382 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

IBM Privilege Escalation Websphere Application Server
NVD
CVSS 3.0
7.1
EPSS
0.0%
CVE-2017-1380 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2017-1287 MEDIUM PATCH This Month

IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect IBM Rhapsody Design Manager
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-1249 MEDIUM PATCH This Month

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rhapsody Design Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1245 MEDIUM PATCH This Month

IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Software Architect Design Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8975 MEDIUM PATCH This Month

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rhapsody Design Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-6118 MEDIUM PATCH This Month

IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Strategic Supply Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1381 LOW PATCH Monitor

IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2017-1374 MEDIUM PATCH This Month

Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Authentication Bypass Information Disclosure Tririga Application Platform
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-1373 HIGH PATCH This Week

Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tririga Application Platform
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-1372 MEDIUM PATCH This Month

IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tririga Application Platform
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1371 HIGH PATCH This Week

Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tririga Application Platform
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-1267 HIGH PATCH This Week

IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-1309 HIGH PATCH This Week

IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Infosphere Master Data Management Server
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-1224 HIGH This Week

IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-1223 MEDIUM This Month

IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Bigfix Platform
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1219 MEDIUM This Month

IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Bigfix Platform
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-1218 HIGH This Week

IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Bigfix Platform
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1203 MEDIUM This Month

IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Bigfix Platform
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6018 MEDIUM PATCH This Month

IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Emptoris Contract Management
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1318 HIGH This Week

IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Mq Appliance
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-1183 HIGH PATCH This Week

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM Tivoli Monitoring
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-1182 HIGH PATCH This Week

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

IBM Information Disclosure Tivoli Monitoring
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2017-1181 HIGH This Week

IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. Rated high severity (CVSS 7.0). No vendor patch available.

IBM Information Disclosure Tivoli Monitoring
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-1308 MEDIUM PATCH This Month

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal IBM Information Disclosure Daeja Viewone
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-8964 CRITICAL Act Now

IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Inventory License Metric Tool
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2016-8952 MEDIUM PATCH This Month

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Strategic Supply Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8951 HIGH PATCH This Week

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Denial Of Service IBM Authentication Bypass Emptoris Strategic Supply Management
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-6019 MEDIUM PATCH This Month

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Strategic Supply Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1321 MEDIUM PATCH This Month

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-1285 MEDIUM PATCH This Month

IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-8953 MEDIUM PATCH This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2016-8950 MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8948 MEDIUM PATCH This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8947 MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Emptoris Sourcing
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-8946 MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-6114 MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1398 MEDIUM This Month

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Websphere Commerce
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1337 HIGH This Week

IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Java Information Disclosure Websphere Mq
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-1284 MEDIUM This Month

IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. Rated medium severity (CVSS 4.7). No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-1236 MEDIUM This Month

IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-1264 HIGH This Week

IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1254 HIGH This Week

IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Security Guardium
NVD
CVSS 3.0
7.1
EPSS
0.5%
CVE-2017-1253 CRITICAL Act Now

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Guardium
NVD
CVSS 3.0
9.9
EPSS
1.4%
CVE-2017-1157 MEDIUM This Month

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1144 LOW Monitor

IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. Rated low severity (CVSS 2.5). No vendor patch available.

IBM Information Disclosure Websphere Message Broker Integration Bus
NVD
CVSS 3.0
2.5
EPSS
0.1%
CVE-2017-1096 MEDIUM This Month

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9989 MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9988 MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9987 MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9986 MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9700 MEDIUM This Month

IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Quality Manager Rational Team Concert +4
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1208 MEDIUM This Month

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1207 MEDIUM This Month

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Message Broker Integration Bus
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-1176 LOW Monitor

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Asset Management
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2017-1175 CRITICAL Act Now

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Maximo Asset Management
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-1113 MEDIUM This Month

IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Team Concert
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9746 MEDIUM This Month

IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Team Concert Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9733 MEDIUM This Month

IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Team Concert Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9701 MEDIUM This Month

IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Team Concert Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1269 CRITICAL Act Now

IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Security Guardium
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-1258 MEDIUM This Month

IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-1256 MEDIUM This Month

IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1217 MEDIUM This Month

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-0238 LOW Monitor

IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2017-1310 MEDIUM PATCH This Month

IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow IBM Informix Dynamic Server
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-1106 MEDIUM This Month

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1328 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Api Connect
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-1322 HIGH PATCH This Week

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Api Connect
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2017-1297 HIGH POC PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow RCE Microsoft IBM Data Server Client +5
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
0.3%
CVE-2017-1234 MEDIUM PATCH This Month

IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2017-1105 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Microsoft IBM Data Server Client +5
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2016-9972 MEDIUM PATCH This Month

IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Privilege Escalation Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-9738 HIGH PATCH This Week

IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-6083 MEDIUM PATCH This Month

IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Monitoring
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1349 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1348 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1347 HIGH PATCH This Week

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Sterling B2b Integrator
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-1302 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1193 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-1132 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1131 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-5893 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1326 MEDIUM PATCH This Month

IBM Sterling File Gateway does not properly restrict user requests based on permission level. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

IBM Privilege Escalation Sterling B2b Integrator
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-9983 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-9982 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-9747 MEDIUM PATCH This Month

IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Engineering Lifecycle Manager Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1304 MEDIUM This Month

IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service IBM Elastic Elastic Storage Server
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2017-1117 MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-1379 HIGH PATCH This Week

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
7.5
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

IBM Privilege Escalation Websphere Application Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect IBM Rhapsody Design Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rhapsody Design Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Software Architect Design Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rhapsody Design Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Strategic Supply Management
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Application Server
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Authentication Bypass Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tririga Application Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tririga Application Platform
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tririga Application Platform
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Infosphere Master Data Management Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Platform
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Bigfix Platform
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Bigfix Platform
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Bigfix Platform
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Bigfix Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Emptoris Contract Management
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Mq Appliance
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM Tivoli Monitoring
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

IBM Information Disclosure Tivoli Monitoring
NVD
EPSS 0% CVSS 7.0
HIGH This Week

IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. Rated high severity (CVSS 7.0). No vendor patch available.

IBM Information Disclosure Tivoli Monitoring
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal IBM Information Disclosure +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Inventory +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Strategic Supply Management
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Denial Of Service IBM Authentication Bypass +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Strategic Supply Management
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Mq
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect IBM Emptoris Sourcing
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Sourcing
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Emptoris Sourcing
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Websphere Commerce
NVD
EPSS 0% CVSS 8.1
HIGH This Week

IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Java Information Disclosure +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. Rated medium severity (CVSS 4.7). No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Mq
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Guardium
NVD
EPSS 0% CVSS 7.1
HIGH This Week

IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Security Guardium
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Guardium
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
EPSS 0% CVSS 2.5
LOW Monitor

IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. Rated low severity (CVSS 2.5). No vendor patch available.

IBM Information Disclosure Websphere Message Broker +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management +6
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Maximo Asset Management
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Message Broker +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Asset Management
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Maximo Asset Management
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Team Concert
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Team Concert +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Team Concert +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Team Concert +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Security Guardium
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Guardium
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Websphere Portal
NVD
EPSS 0% CVSS 3.7
LOW Monitor

IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow IBM Informix Dynamic Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Curam Social Program Management
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Api Connect
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Api Connect
NVD
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow RCE Microsoft +7
NVD Exploit-DB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Microsoft +7
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Privilege Escalation Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Monitoring
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling B2b Integrator
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Sterling B2b Integrator
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling B2b Integrator
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Sterling File Gateway does not properly restrict user requests based on permission level. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

IBM Privilege Escalation Sterling B2b Integrator
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Engineering Lifecycle Manager +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service IBM +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service IBM Websphere Mq
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Api Connect
NVD
Prev Page 40 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy