Skip to main content

IBM

5580 CVEs vendor

Monthly

CVE-2024-28776 MEDIUM This Month

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cognos Controller Controller
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-52902 HIGH This Week

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Cognos Controller Controller
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-56463 MEDIUM PATCH This Month

IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-56477 MEDIUM This Month

IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Power Hardware Management Console
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-52895 MEDIUM This Month

IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-55904 HIGH This Week

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-54176 MEDIUM This Month

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-0158 MEDIUM This Month

IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Entirex
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-56467 LOW Monitor

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Entirex
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-54171 HIGH This Week

IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Entirex
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-52892 MEDIUM This Month

IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2025-0799 MEDIUM This Month

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal App Connect Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51450 CRITICAL Act Now

IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Security Verify Directory
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-49814 HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Security Verify Access
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49800 MEDIUM This Month

IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Applinx
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-49798 MEDIUM This Month

IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Applinx
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49797 MEDIUM This Month

IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Applinx
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-49796 MEDIUM This Month

IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-49795 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Applinx
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49794 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Applinx
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49793 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-49792 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-49791 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-56473 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Shares
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-56472 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Shares
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-56471 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Aspera Shares
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-56470 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Aspera Shares
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-38318 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Shares
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-38317 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Shares
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-38316 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Aspera Shares
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-52365 MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Business Automation
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-52364 MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Business Automation
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-49348 MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49352 HIGH PATCH This Week

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Cognos Analytics
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-45658 LOW Monitor

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2024-45657 MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment. Rated medium severity (CVSS 5.0). No vendor patch available.

IBM Authentication Bypass Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2024-43187 MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-40700 MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-35138 MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Security Verify Access
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-45659 MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-49349 MEDIUM This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-49339 MEDIUM This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-49807 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-47116 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-47103 MEDIUM Monitor

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-45089 MEDIUM Monitor

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-40696 MEDIUM Monitor

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2023-38739 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-45650 HIGH This Month

IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Security Verify Directory
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-43916 MEDIUM This Month

IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure App Connect Enterprise Certified Container
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2023-37413 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-37412 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Aspera Faspex
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-37398 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-35907 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-33838 MEDIUM This Month

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-35017 MEDIUM This Month

IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-22315 MEDIUM Monitor

IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Storage Fusion Storage Fusion Hci Storage Fusion Hci For Watsonx
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-27263 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-50316 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Sterling B2b Integrator
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-28786 MEDIUM This Month

IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-37526 MEDIUM This Month

IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Data Virtualization On Cloud Pak For Data Watson Query With Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-27256 MEDIUM This Month

IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Mq Operator Supplied Mq Advanced Container Images
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-38325 MEDIUM This Month

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Storage Defender
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-38320 MEDIUM This Month

IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure VMware Storage Protect For Virtual Environments Storage Protect
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-37527 MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Openpages With Watson
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-22316 MEDIUM Monitor

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52292 MEDIUM This Month

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling File Gateway
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-47159 MEDIUM This Month

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-28771 MEDIUM Monitor

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Directory Integrator Security Verify Directory Integrator
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-28770 MEDIUM Monitor

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Directory Integrator Security Verify Directory Integrator
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-28766 LOW Monitor

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Directory Integrator Security Verify Directory Integrator
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2023-46187 MEDIUM This Month

IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Master Data Management
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-50946 MEDIUM This Month

IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Common Licensing
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-50945 MEDIUM This Month

IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Common Licensing
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2023-38009 MEDIUM This Month

IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure IBM Apple Cognos Analytics iOS
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2024-31906 MEDIUM This Month

IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Automation Decision Services
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-35150 MEDIUM This Month

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Maximo Application Suite
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-35148 MEDIUM This Month

IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Maximo Application Suite
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-35145 MEDIUM This Month

IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Maximo Application Suite
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-35144 MEDIUM This Month

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-39750 HIGH This Month

IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow IBM Analytics Content Hub
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-35134 MEDIUM This Month

IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Analytics Content Hub
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-35114 MEDIUM This Month

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Control Center
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-35113 MEDIUM Monitor

IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Control Center
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-35112 MEDIUM This Month

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Control Center
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-35111 MEDIUM Monitor

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Control Center
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-38716 MEDIUM This Month

IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak System
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-38714 MEDIUM This Month

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak System
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-38713 MEDIUM This Month

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak System
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-38271 MEDIUM This Month

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak System
NVD
CVSS 3.1
4.3
EPSS
0.1%
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cognos Controller +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Cognos Controller +1
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Power Hardware Management Console
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service
NVD
EPSS 1% CVSS 7.2
HIGH This Week

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Devops Deploy +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Devops Deploy +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Entirex
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Entirex
NVD
EPSS 0% CVSS 7.1
HIGH This Week

IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Entirex
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal App Connect Enterprise
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Security Verify Directory
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Security Verify Access
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Applinx
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Applinx
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Applinx
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Applinx
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Applinx
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Shares
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Shares
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Aspera Shares
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Aspera Shares
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Shares
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Shares
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Aspera Shares
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Business Automation
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Cognos Analytics
NVD
EPSS 0% CVSS 2.7
LOW Monitor

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Verify Access
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment. Rated medium severity (CVSS 5.0). No vendor patch available.

IBM Authentication Bypass Security Verify Access +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Security Verify Access +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Security Verify Access +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Security Verify Access
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Verify Access +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Financial Transaction Manager For Multiplatform
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Financial Transaction Manager For Multiplatform
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Sterling B2b Integrator
NVD
EPSS 0% CVSS 7.5
HIGH This Month

IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Security Verify Directory
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure App Connect Enterprise Certified Container
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Faspex
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Aspera Faspex
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
EPSS 0% CVSS 4.0
MEDIUM Monitor

IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Storage Fusion +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Sterling B2b Integrator
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Data Virtualization On Cloud Pak For Data +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Mq Operator +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Storage Defender
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure VMware +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Openpages With Watson
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Sterling File Gateway
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling File Gateway
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Directory Integrator +1
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Directory Integrator +1
NVD
EPSS 0% CVSS 2.4
LOW Monitor

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Directory Integrator +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Master Data Management
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Common Licensing
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Common Licensing
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure IBM Apple +2
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Automation Decision Services
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Maximo Application Suite
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Maximo Application Suite
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Maximo Application Suite
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
EPSS 1% CVSS 8.8
HIGH This Month

IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow IBM +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Analytics Content Hub
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Control Center
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Control Center
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Control Center
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Control Center
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak System
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak System
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak System
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak System
NVD
Prev Page 9 of 62 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy