Filtered by vendor Ibm
Subscribe
Total
7130 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4235 | 1 Ibm | 1 Pureapplication System | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417. | |||||
CVE-2019-4239 | 2 Ibm, Redhat | 2 Cloud Private, Openshift | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465. | |||||
CVE-2019-4477 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997. | |||||
CVE-2019-4536 | 1 Ibm | 1 I | 2024-02-28 | 3.3 LOW | 6.3 MEDIUM |
IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this vulnerability to obtain elevated privileges on the restored system. IBM X-Force ID: 165592. | |||||
CVE-2019-4158 | 1 Ibm | 1 Security Access Manager | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574. | |||||
CVE-2019-4166 | 1 Ibm | 1 Storediq | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699. | |||||
CVE-2019-4146 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 3.5 LOW | 3.1 LOW |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to obtain sensitive document information under unusual circumstances. IBM X-Force ID: 158401. | |||||
CVE-2019-4062 | 1 Ibm | 1 I2 Intelligent Analysis Platform | 2024-02-28 | 5.5 MEDIUM | 7.1 HIGH |
IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007. | |||||
CVE-2019-4102 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. | |||||
CVE-2019-4084 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384. | |||||
CVE-2018-1912 | 1 Ibm | 1 Rational Doors Next Generation | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM DOORS Next Generation (DNG/RRC) 6.0.2 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152736. | |||||
CVE-2019-4340 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419. | |||||
CVE-2019-4336 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411. | |||||
CVE-2018-1983 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136. | |||||
CVE-2019-4145 | 1 Ibm | 1 Security Access Manager | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400. | |||||
CVE-2019-4137 | 1 Ibm | 1 Spectrum Control | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158333. | |||||
CVE-2018-1980 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078. | |||||
CVE-2019-4207 | 1 Ibm | 1 Tririga Application Platform | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148. | |||||
CVE-2018-1974 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915. | |||||
CVE-2019-4383 | 1 Ibm | 1 Spectrum Protect Plus | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165. |