Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2016-0305 MEDIUM PATCH This Month

IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0214 HIGH PATCH This Week

IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Bigfix Platform
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-0210 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-0206 LOW PATCH Monitor

IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Cloud Orchestrator
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-0203 MEDIUM PATCH This Month

A vulnerability has been identified in the IBM Cloud Orchestrator task API. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator Smartcloud Orchestrator
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-0202 LOW PATCH Monitor

A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2015-7494 LOW PATCH Monitor

A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. Rated low severity (CVSS 2.8).

IBM Authentication Bypass Cloud Orchestrator Smartcloud Orchestrator
NVD
CVSS 3.0
2.8
EPSS
0.0%
CVE-2015-7493 MEDIUM PATCH This Month

IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.0
4.7
EPSS
0.0%
CVE-2015-7418 MEDIUM PATCH This Month

IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Extreme Scale
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2015-1976 MEDIUM PATCH This Month

IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Authentication Bypass Security Directory Server Tivoli Directory Server
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-1128 MEDIUM PATCH This Month

IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1127 MEDIUM PATCH This Month

IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-9748 MEDIUM PATCH This Month

IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-6032 MEDIUM PATCH This Month

IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2866 MEDIUM PATCH This Month

An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2015-5013 MEDIUM PATCH This Month

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile Security Access Manager 9 0 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-0270 MEDIUM PATCH This Month

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix IBM Information Disclosure Client Application Access Domino +1
NVD GitHub
CVSS 3.0
5.9
EPSS
0.5%
CVE-2016-6104 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE IBM File Upload Security Key Lifecycle Manager
NVD
CVSS 3.0
7.2
EPSS
2.4%
CVE-2016-6097 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
4.0
EPSS
0.1%
CVE-2016-6096 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6094 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-6092 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-3020 MEDIUM PATCH This Month

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Security Access Manager For Web 7 0 Firmware Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile +1
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1093 HIGH This Week

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Aix
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-6116 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-6103 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-6099 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-6095 CRITICAL PATCH Act Now

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Key Lifecycle Manager
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-5935 MEDIUM This Month

IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Dashboard Application Services Hub
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2016-9739 HIGH PATCH This Week

IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Authentication Bypass Security Identity Manager
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-9704 MEDIUM PATCH This Month

IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Identity Manager Virtual Appliance
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-9703 LOW PATCH Monitor

IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity.

Session Fixation IBM Information Disclosure Security Identity Manager Virtual Appliance
NVD
CVSS 3.0
2.4
EPSS
0.1%
CVE-2016-9008 HIGH PATCH This Week

IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Urbancode Deploy
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-9000 MEDIUM PATCH This Month

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Datastage Infosphere Information Server On Cloud
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-8999 MEDIUM PATCH This Month

IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Datastage Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8982 MEDIUM PATCH This Month

IBM InfoSphere Information Server stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Datastage
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-8977 MEDIUM This Month

IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-8963 MEDIUM This Month

IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-8938 CRITICAL PATCH Act Now

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass File Upload Urbancode Deploy
NVD
CVSS 3.0
10.0
EPSS
0.8%
CVE-2016-8933 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Kenexa Lms
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-8932 HIGH PATCH This Week

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE IBM Authentication Bypass Kenexa Lms
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2016-8931 HIGH PATCH This Week

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE IBM Authentication Bypass Kenexa Lms
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2016-8930 HIGH PATCH This Week

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lms
NVD
CVSS 3.0
7.6
EPSS
0.4%
CVE-2016-8929 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lms
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8928 HIGH PATCH This Week

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lms
NVD
CVSS 3.0
7.6
EPSS
0.4%
CVE-2016-8919 HIGH PATCH This Week

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Websphere Application Server
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-6115 HIGH PATCH This Week

IBM General Parallel File System is vulnerable to a buffer overflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE IBM General Parallel File System Spectrum Scale
NVD
CVSS 3.0
7.2
EPSS
3.9%
CVE-2016-6110 MEDIUM PATCH This Month

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

VMware IBM Authentication Bypass Tivoli Storage Manager Tivoli Storage Manager For Virtual Environments Data Protection For Vmware
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2016-6068 HIGH PATCH This Week

IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-6001 LOW PATCH Monitor

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

SSRF IBM Information Disclosure Forms Experience Builder
NVD
CVSS 3.0
3.1
EPSS
0.1%
CVE-2016-5953 LOW PATCH Monitor

IBM Sterling Order Management transmits the session identifier within the URL. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling Selling And Fulfillment Foundation
NVD
CVSS 3.0
3.7
EPSS
0.1%
CVE-2016-5942 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lms
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5941 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Kenexa Lms
NVD
CVSS 3.0
5.7
EPSS
0.5%
CVE-2016-5940 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lms
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5938 LOW PATCH Monitor

IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Kenexa Lms
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-5881 MEDIUM This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-2992 MEDIUM PATCH This Month

IBM Infosphere BigInsights is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Biginsights
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2942 HIGH PATCH This Week

IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

IBM Authentication Bypass Urbancode Deploy
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-2941 MEDIUM This Month

IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-2924 MEDIUM PATCH This Month

IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Biginsights
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0320 MEDIUM PATCH This Month

IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Urbancode Deploy
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-0218 MEDIUM PATCH This Month

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Business Intelligence
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0217 MEDIUM PATCH This Month

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8967 MEDIUM This Month

IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Authentication Bypass License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-6117 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-6105 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Key Lifecycle Manager
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-9731 MEDIUM PATCH This Month

IBM Business Process Manager is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8981 MEDIUM This Month

IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8980 HIGH This Week

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE IBM License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-8966 MEDIUM This Month

IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-8961 MEDIUM This Month

IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-8943 MEDIUM PATCH This Month

IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8942 LOW PATCH Monitor

IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

IBM Authentication Bypass Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
3.1
EPSS
0.1%
CVE-2016-8941 HIGH PATCH This Week

IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-8936 MEDIUM PATCH This Month

IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Social Rendering Templates For Digital Data Connector
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-8934 MEDIUM PATCH This Month

IBM WebSphere Application Server is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8921 HIGH This Week

IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE IBM File Upload Filenet Workplace Xt
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2016-8920 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Kenexa Lms On Cloud
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8918 MEDIUM PATCH This Month

IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Authentication Bypass Integration Bus
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-8913 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Kenexa Lms On Cloud
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-8912 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lms On Cloud
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-8911 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lms On Cloud
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6126 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Kenexa Lms On Cloud
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-6125 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Kenexa Lms On Cloud
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6124 HIGH This Week

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE IBM File Upload Kenexa Lms On Cloud
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2016-6123 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Kenexa Lms On Cloud
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6122 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lms On Cloud
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-6113 MEDIUM This Month

IBM Verse is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6090 CRITICAL PATCH Act Now

IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Websphere Commerce
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2016-6085 MEDIUM PATCH This Month

IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Bigfix Platform
NVD
CVSS 3.0
6.5
EPSS
0.2%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Connections
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Bigfix Platform
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Cloud Orchestrator
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability has been identified in the IBM Cloud Orchestrator task API. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator
NVD
EPSS 0% CVSS 2.8
LOW PATCH Monitor

A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. Rated low severity (CVSS 2.8).

IBM Authentication Bypass Cloud Orchestrator +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Extreme Scale
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Authentication Bypass Security Directory Server +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Doors Next Generation +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Collaborative Lifecycle Management
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Collaborative Lifecycle Management
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Access Manager For Web 8 0 Firmware +2
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix IBM Information Disclosure +3
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE IBM File Upload +1
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Key Lifecycle Manager +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Security Access Manager For Web 7 0 Firmware +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Aix
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Security Key Lifecycle Manager
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Key Lifecycle Manager
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Dashboard Application Services Hub
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Authentication Bypass Security Identity Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Identity Manager Virtual Appliance
NVD
EPSS 0% CVSS 2.4
LOW PATCH Monitor

IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity.

Session Fixation IBM Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Urbancode Deploy
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Datastage +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Datastage +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM InfoSphere Information Server stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Datastage
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure License Metric Tool +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure License Metric Tool +1
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass File Upload +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Kenexa Lms
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE IBM Authentication Bypass +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE IBM Authentication Bypass +1
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lms
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lms
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lms
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Websphere Application Server
NVD
EPSS 4% CVSS 7.2
HIGH PATCH This Week

IBM General Parallel File System is vulnerable to a buffer overflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE IBM +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

VMware IBM Authentication Bypass +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Urbancode Deploy
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

SSRF IBM Information Disclosure +1
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

IBM Sterling Order Management transmits the session identifier within the URL. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling Selling And Fulfillment Foundation
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lms
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Kenexa Lms
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lms
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Kenexa Lms
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Inotes
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Infosphere BigInsights is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Biginsights
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

IBM Authentication Bypass Urbancode Deploy
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Urbancode Deploy
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Biginsights
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Urbancode Deploy
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Business Intelligence
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Authentication Bypass License Metric Tool +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Key Lifecycle Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Process Manager is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure License Metric Tool +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE IBM +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure License Metric Tool +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM License Metric Tool +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Control +1
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

IBM Authentication Bypass Spectrum Control +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Spectrum Control +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Social Rendering Templates For Digital Data Connector
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM WebSphere Application Server is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
EPSS 3% CVSS 8.8
HIGH This Week

IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE IBM File Upload +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Kenexa Lms On Cloud
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Authentication Bypass Integration Bus
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Kenexa Lms On Cloud
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lms On Cloud
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lms On Cloud
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Kenexa Lms On Cloud
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Kenexa Lms On Cloud
NVD
EPSS 3% CVSS 8.8
HIGH This Week

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE IBM File Upload +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Kenexa Lms On Cloud
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lms On Cloud
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Verse is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Domino +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Websphere Commerce
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Bigfix Platform
NVD
Prev Page 43 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy