Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2016-6100 HIGH This Week

IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Disposal And Governance Management For It Global Retention Policy And Schedule Management
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-3031 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-3015 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1171 MEDIUM PATCH This Month

The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tririga Application Platform
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1154 MEDIUM PATCH This Month

IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Algo One
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-9990 MEDIUM PATCH This Month

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Inotes
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-9707 HIGH PATCH This Week

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Rational Rhapsody Design Manager Rational Quality Manager +5
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-8935 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lms
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8917 HIGH PATCH This Week

IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling Selling And Fulfillment Foundation
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-6111 CRITICAL PATCH Act Now

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Curam Social Program Management
NVD
CVSS 3.0
9.1
EPSS
0.4%
CVE-2016-6036 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6031 MEDIUM PATCH This Month

IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6022 MEDIUM PATCH This Month

IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1153 HIGH PATCH This Week

IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tririga Application Platform
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-1143 MEDIUM This Month

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Kenexa Lcms Premier
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-1142 MEDIUM This Month

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lcms Premier
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-1120 MEDIUM PATCH This Month

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-9737 MEDIUM PATCH This Month

IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tririga Application Platform
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8960 HIGH PATCH This Week

IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Cognos Business Intelligence
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-6102 LOW PATCH Monitor

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-6056 MEDIUM PATCH This Month

IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Call Center For Commerce
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1155 MEDIUM PATCH This Month

IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Algo One
NVD
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-1151 HIGH PATCH This Week

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2017-1146 MEDIUM This Month

IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1145 HIGH PATCH This Week

IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
8.6
EPSS
0.5%
CVE-2017-1134 HIGH PATCH This Week

IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Privilege Escalation Power Hardware Management Console
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-9697 LOW PATCH Monitor

An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Rhapsody Design Manager
NVD
CVSS 3.0
3.1
EPSS
0.2%
CVE-2016-9696 MEDIUM PATCH This Month

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Rhapsody Design Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-9694 MEDIUM PATCH This Month

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Rhapsody Design Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8973 MEDIUM PATCH This Month

IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload Rational Rhapsody Design Manager
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-2981 MEDIUM PATCH This Month

An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Authentication Bypass Information Disclosure Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2017-1150 LOW PATCH Monitor

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft IBM Privilege Escalation Db2
NVD
CVSS 3.0
3.1
EPSS
0.2%
CVE-2016-9985 MEDIUM PATCH This Month

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Cognos Business Intelligence
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-9006 MEDIUM This Month

IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Urbancode Deploy
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-5933 MEDIUM This Month

IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Tivoli Monitoring
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2016-5894 MEDIUM PATCH This Month

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Commerce
NVD
CVSS 3.0
5.1
EPSS
0.1%
CVE-2017-1133 MEDIUM PATCH This Month

IBM QRadar 7.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Incident Forensics Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1124 LOW PATCH Monitor

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management
NVD
CVSS 3.0
2.9
EPSS
0.0%
CVE-2016-9740 HIGH PATCH This Week

IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-9730 MEDIUM PATCH This Month

IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Qradar Incident Forensics Qradar Security Information And Event Manager
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-9729 MEDIUM PATCH This Month

IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-9728 HIGH PATCH This Week

IBM Qradar 7.2 is vulnerable to SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi IBM Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-9727 HIGH PATCH This Week

IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

IBM Information Disclosure Qradar Incident Forensics Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.5
EPSS
0.4%
CVE-2016-9726 HIGH PATCH This Week

IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Qradar Incident Forensics Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2016-9725 MEDIUM PATCH This Month

IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-9724 HIGH PATCH This Week

IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-9723 MEDIUM PATCH This Month

IBM QRadar 7.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Incident Forensics Qradar Security Information And Event Manager
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-9720 MEDIUM PATCH This Month

IBM QRadar 7.2 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Incident Forensics Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-9693 MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Business Process Manager Websphere
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-8971 MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow IBM Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-8940 HIGH PATCH This Week

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-9994 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2016-9993 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2016-9992 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2016-8232 MEDIUM This Month

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Lenovo Advanced Management Module Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5932 MEDIUM This Month

IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-2880 HIGH PATCH This Week

IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2879 HIGH PATCH This Week

IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-9975 HIGH PATCH This Week

IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Dashboard Application Services Hub
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-9009 LOW PATCH Monitor

IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
3.1
EPSS
0.3%
CVE-2016-8998 HIGH PATCH This Week

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE IBM Tivoli Storage Manager
NVD
CVSS 3.0
7.2
EPSS
2.4%
CVE-2016-8974 HIGH PATCH This Week

IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Rational Rhapsody Design Manager
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-6055 MEDIUM PATCH This Month

IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-5883 MEDIUM PATCH This Month

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-8986 MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-8915 MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-3052 MEDIUM PATCH This Month

Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-3013 MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-6062 MEDIUM This Month

IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Resilient
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5919 HIGH PATCH This Week

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Access Manager For Web 7 0 Firmware Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-9706 CRITICAL PATCH Act Now

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Integration Bus Websphere Message Broker
NVD
CVSS 3.0
9.1
EPSS
0.4%
CVE-2016-9010 MEDIUM PATCH This Month

IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Integration Bus Websphere Message Broker
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-8972 HIGH POC PATCH This Week

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

IBM Privilege Escalation Aix Vios
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.6%
CVE-2016-8968 MEDIUM PATCH This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2016-8944 MEDIUM PATCH This Month

IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service IBM Aix
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6079 HIGH POC PATCH This Week

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

IBM Privilege Escalation Aix Vios
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.0%
CVE-2016-6077 MEDIUM PATCH This Month

IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Cognos Disclosure Management
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-6060 MEDIUM PATCH This Month

An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-6033 HIGH PATCH This Week

IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

VMware CSRF IBM Tivoli Storage Manager For Virtual Environments Data Protection For Vmware Tivoli Storage Flashcopy Manager For Vmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-0360 CRITICAL Act Now

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization IBM Java Websphere Mq Jms
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-1121 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9005 CRITICAL Act Now

IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass System Storage Ts3100 Ts3200 Tape Library
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-8954 CRITICAL PATCH Act Now

IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Docker IBM Authentication Bypass Dashdb Local
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2016-5934 HIGH This Week

IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE IBM Privilege Escalation Tivoli Storage Manager Fastback
NVD
CVSS 3.0
7.3
EPSS
0.9%
CVE-2016-5918 MEDIUM PATCH This Month

IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft IBM Information Disclosure Tivoli Storage Manager For Space Management
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-5902 MEDIUM PATCH This Month

IBM Maximo Asset Management is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management Maximo For Aviation Maximo For Energy Optimization +6
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5900 MEDIUM PATCH This Month

IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tealeaf Customer Experience On Cloud Network Capture Add On
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2016-0310 MEDIUM PATCH This Month

IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Connections
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-0308 MEDIUM PATCH This Month

IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Connections
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-0307 MEDIUM PATCH This Month

IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.3
EPSS
0.2%
EPSS 0% CVSS 8.8
HIGH This Week

IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Disposal And Governance Management For It +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tririga Application Platform
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Algo One
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Inotes
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM +7
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lms
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling Selling And Fulfillment Foundation
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tririga Application Platform
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Kenexa Lcms Premier
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lcms Premier
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tririga Application Platform
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Cognos Business Intelligence
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Call Center For Commerce
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Algo One
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Websphere Application Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Week

IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Websphere Mq
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Privilege Escalation Power Hardware Management Console
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Rhapsody Design Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Rhapsody Design Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Rhapsody Design Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload Rational Rhapsody Design Manager
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft IBM Privilege Escalation +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Cognos Business Intelligence
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Urbancode Deploy
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Tivoli Monitoring
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Commerce
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM QRadar 7.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Incident Forensics +1
NVD
EPSS 0% CVSS 2.9
LOW PATCH Monitor

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Qradar Incident Forensics +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Qradar 7.2 is vulnerable to SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi IBM Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

IBM Information Disclosure Qradar Incident Forensics +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Qradar Incident Forensics +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM QRadar 7.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Incident Forensics +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM QRadar 7.2 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Incident Forensics +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Business Process Manager +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow IBM Websphere Mq
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Storage Manager
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Lenovo +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Dashboard Application Services Hub
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Denial Of Service IBM Websphere Mq
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE IBM +1
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Inotes
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Websphere Mq
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Websphere Mq
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Mq
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Websphere Mq
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Resilient
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Access Manager For Web 7 0 Firmware +3
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM +2
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Integration Bus +1
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

IBM Privilege Escalation Aix +1
NVD Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Collaborative Lifecycle Management
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service IBM Aix
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

IBM Privilege Escalation Aix +1
NVD Exploit-DB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Cognos Disclosure Management
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Doors Next Generation +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

VMware CSRF IBM +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization IBM Java +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass System Storage Ts3100 Ts3200 Tape Library
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Docker IBM Authentication Bypass +1
NVD
EPSS 1% CVSS 7.3
HIGH This Week

IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE IBM Privilege Escalation +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft IBM Information Disclosure +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Maximo Asset Management is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management +8
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tealeaf Customer Experience On Cloud Network Capture Add On
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Connections
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Connections
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
Prev Page 42 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy