Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2016-6084 MEDIUM PATCH This Month

IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service IBM Bigfix Platform
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-6082 CRITICAL PATCH Act Now

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption IBM Use After Free RCE Bigfix Platform
NVD
CVSS 3.0
10.0
EPSS
7.4%
CVE-2016-6080 MEDIUM PATCH This Month

The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Message Broker
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-6072 MEDIUM PATCH This Month

IBM Maximo Asset Management is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management Maximo For Aviation Maximo For Life Sciences +9
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6065 HIGH PATCH This Week

IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Security Guardium
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6061 MEDIUM PATCH This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6059 HIGH PATCH This Week

IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Infosphere Datastage Infosphere Information Server +1
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-6054 MEDIUM PATCH This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6047 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6046 MEDIUM PATCH This Month

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tivoli Storage Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6045 HIGH PATCH This Week

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Tivoli Storage Manager
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-6044 MEDIUM PATCH This Month

IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Tivoli Storage Manager
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-6042 HIGH PATCH This Week

IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE IBM Security Appscan
NVD
CVSS 3.0
7.3
EPSS
0.8%
CVE-2016-6040 MEDIUM PATCH This Month

IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

Session Fixation IBM Information Disclosure Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.0
EPSS
0.2%
CVE-2016-6039 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6034 MEDIUM PATCH This Month

IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft IBM VMware Information Disclosure Tivoli Storage Manager For Virtual Environments Data Protection For Vmware
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2016-6030 MEDIUM PATCH This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6028 MEDIUM PATCH This Month

IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-6020 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect IBM Sterling B2b Integrator
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6000 MEDIUM PATCH This Month

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tririga Application Platform
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5994 MEDIUM PATCH This Month

IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-5990 MEDIUM PATCH This Month

IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Privileged Identity Manager
NVD
CVSS 3.0
6.3
EPSS
0.2%
CVE-2016-5988 MEDIUM PATCH This Month

IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Privileged Identity Manager
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-5985 HIGH PATCH This Week

The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE IBM Tivoli Storage Manager
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5984 MEDIUM PATCH This Month

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5980 MEDIUM PATCH This Month

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tririga Application Platform
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-5966 MEDIUM PATCH This Month

IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Privileged Identity Manager
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-5964 CRITICAL PATCH Act Now

IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Privileged Identity Manager
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-5958 HIGH PATCH This Week

IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Privileged Identity Manager
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5952 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-5951 MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lcms Premier
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5950 MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Kenexa Lcms Premier
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-5949 MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Kenexa Lcms Premier
NVD
CVSS 3.0
4.3
EPSS
0.5%
CVE-2016-5948 MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lcms Premier
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5939 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lms On Cloud
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2016-5937 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Kenexa Lcms Premier
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-5899 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5898 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-5897 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5896 MEDIUM PATCH This Month

IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management Maximo For Aviation Maximo For Life Sciences +3
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-5884 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5882 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5880 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-3053 HIGH POC This Week

IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

IBM Privilege Escalation Aix
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.0%
CVE-2016-3046 LOW PATCH Monitor

IBM Security Access Manager for Web is vulnerable to SQL injection. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile Security Access Manager 9 0 Firmware
NVD
CVSS 3.0
2.7
EPSS
0.1%
CVE-2016-3045 LOW PATCH Monitor

IBM Security Access Manager for Web stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-3043 MEDIUM PATCH This Month

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager For Web 7 0 Firmware Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile +1
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-3035 MEDIUM PATCH This Month

IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Appscan Source
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-3034 MEDIUM PATCH This Month

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Security Appscan Source
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2016-3029 HIGH PATCH This Week

IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 8 0 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-3027 MEDIUM PATCH This Month

IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware +1
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-3024 MEDIUM PATCH This Month

IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 8 0 Firmware
NVD
CVSS 3.0
4.0
EPSS
0.1%
CVE-2016-3023 MEDIUM PATCH This Month

IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 7 0 Firmware +1
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-3022 MEDIUM PATCH This Month

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 7 0 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2016-3021 LOW Monitor

IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 7 0 Firmware +1
NVD
CVSS 3.0
2.7
EPSS
0.1%
CVE-2016-3018 MEDIUM This Month

IBM Security Access Manager for Web is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Access Manager Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-3017 HIGH PATCH This Week

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 7 0 Firmware +1
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-3016 MEDIUM PATCH This Month

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

IBM Information Disclosure Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 7 0 Firmware +1
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2016-2939 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-2938 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-2908 CRITICAL PATCH Act Now

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE IBM Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware +1
NVD
CVSS 3.0
9.1
EPSS
0.9%
CVE-2016-0396 HIGH PATCH This Week

IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Bigfix Platform
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2016-0394 LOW PATCH Monitor

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Integration Bus Websphere Message Broker
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-0297 LOW Monitor

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-0296 LOW PATCH Monitor

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-0265 MEDIUM PATCH This Month

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Campaign
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-9879 Maven HIGH PATCH This Week

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Authentication Bypass IBM Java Apache +2
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-3055 HIGH PATCH This Week

IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM Denial Of Service XXE Filenet Workplace
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2016-3047 MEDIUM This Month

Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Open Redirect Filenet Workplace
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-3044 MEDIUM This Month

The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Linux Powerkvm
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-3033 HIGH This Week

IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service XXE Appscan Source
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2016-3012 HIGH This Week

IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Node.js Api Connect Network Path Manager
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-2994 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Urbancode Deploy
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2991 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Lotus Protector For Mail Security
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2955 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2946 HIGH PATCH This Week

Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Buffer Overflow Tivoli Monitoring
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2917 HIGH This Week

The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Tririga Application Platform
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-2887 HIGH PATCH This Week

IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft Ims Enterprise Suite
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2016-2884 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS CSRF Forms Experience Builder
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2016-2881 MEDIUM PATCH This Month

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-2878 HIGH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS CSRF Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2016-2877 LOW PATCH Monitor

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-2876 HIGH PATCH This Week

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-2874 LOW PATCH Monitor

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.0
3.1
EPSS
0.1%
CVE-2016-2873 HIGH PATCH This Week

SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-2871 HIGH PATCH This Week

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2869 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5987 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Maximo Asset Management
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-5905 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5890 MEDIUM PATCH This Month

IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

IBM Authentication Bypass Sterling B2b Integrator
NVD
CVSS 3.0
5.3
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service IBM Bigfix Platform
NVD
EPSS 7% CVSS 10.0
CRITICAL PATCH Act Now

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption IBM Use After Free +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Message Broker
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Security Guardium
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Collaborative Lifecycle Management
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM +3
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tivoli Storage Manager
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Tivoli Storage Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Tivoli Storage Manager
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE IBM +1
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

Session Fixation IBM Information Disclosure +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft IBM VMware +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Collaborative Lifecycle Management
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Rational Collaborative Lifecycle Management
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect IBM Sterling B2b Integrator
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tririga Application Platform
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Privileged Identity Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Privileged Identity Manager
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE IBM +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tririga Application Platform
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Privileged Identity Manager
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Privileged Identity Manager
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Privileged Identity Manager
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lcms Premier
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Kenexa Lcms Premier
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Kenexa Lcms Premier
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lcms Premier
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lms On Cloud
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Kenexa Lcms Premier
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management +5
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino +1
NVD
EPSS 3% CVSS 7.8
HIGH POC This Week

IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

IBM Privilege Escalation Aix
NVD Exploit-DB
EPSS 0% CVSS 2.7
LOW PATCH Monitor

IBM Security Access Manager for Web is vulnerable to SQL injection. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Security Access Manager For Web 8 0 Firmware +2
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

IBM Security Access Manager for Web stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager +2
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager For Web 7 0 Firmware +3
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Appscan Source
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Security Appscan Source
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Security Access Manager 9 0 Firmware +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM +3
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager 9 0 Firmware +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager 9 0 Firmware +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Access Manager 9 0 Firmware +3
NVD
EPSS 0% CVSS 2.7
LOW Monitor

IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager 9 0 Firmware +3
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Security Access Manager for Web is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Access Manager +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Access Manager 9 0 Firmware +3
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

IBM Information Disclosure Security Access Manager 9 0 Firmware +3
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino +1
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE IBM +3
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Bigfix Platform
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Integration Bus +1
NVD
EPSS 0% CVSS 3.7
LOW Monitor

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Bigfix Platform
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Bigfix Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Campaign
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Authentication Bypass IBM +4
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM Denial Of Service XXE +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Open Redirect Filenet Workplace
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Linux +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service XXE +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Node.js +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Urbancode Deploy
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Lotus Protector For Mail Security
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Buffer Overflow Tivoli Monitoring
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Tririga Application Platform
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS CSRF +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS CSRF +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Maximo Asset Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Maximo Asset Management
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

IBM Authentication Bypass Sterling B2b Integrator
NVD
Prev Page 44 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy