CVE-2024-22318

Public exploit
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
Max CVSS
5.5
EPSS Score
0.06%
Published
2024-02-09
Updated
2024-02-16

CVE-2023-28528

Public exploit
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.
Max CVSS
8.4
EPSS Score
0.19%
Published
2023-04-28
Updated
2023-05-18

CVE-2020-4429

Public exploit
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.
Max CVSS
10.0
EPSS Score
2.67%
Published
2020-05-07
Updated
2020-05-08

CVE-2020-4428

Known exploited
Public exploit
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.
Max CVSS
9.1
EPSS Score
0.40%
Published
2020-05-07
Updated
2020-05-08
CISA KEV Added
2021-11-03

CVE-2020-4427

Known exploited
Public exploit
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.
Max CVSS
9.8
EPSS Score
1.83%
Published
2020-05-07
Updated
2022-07-12
CISA KEV Added
2021-11-03

CVE-2019-4716

Known exploited
Public exploit
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.
Max CVSS
10.0
EPSS Score
7.05%
Published
2019-12-18
Updated
2023-02-01
CISA KEV Added
2021-11-03

CVE-2019-4279

Public exploit
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.
Max CVSS
10.0
EPSS Score
15.19%
Published
2019-05-17
Updated
2023-02-03

CVE-2019-4061

Public exploit
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869.
Max CVSS
5.3
EPSS Score
0.62%
Published
2019-02-27
Updated
2023-02-03

CVE-2018-1612

Public exploit
IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164.
Max CVSS
5.8
EPSS Score
1.16%
Published
2018-07-17
Updated
2019-10-09

CVE-2018-1418

Public exploit
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824.
Max CVSS
8.8
EPSS Score
18.01%
Published
2018-04-26
Updated
2019-03-14

CVE-2017-1130

Public exploit
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.
Max CVSS
6.5
EPSS Score
91.02%
Published
2017-09-05
Updated
2019-10-03

CVE-2017-1129

Public exploit
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.
Max CVSS
6.5
EPSS Score
92.31%
Published
2017-09-05
Updated
2019-10-03

CVE-2017-1092

Public exploit
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
Max CVSS
10.0
EPSS Score
96.86%
Published
2017-05-22
Updated
2019-10-03

CVE-2016-9722

Public exploit
IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737.
Max CVSS
4.9
EPSS Score
0.07%
Published
2018-01-10
Updated
2019-04-26

CVE-2015-7450

Known exploited
Public exploit
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
Max CVSS
10.0
EPSS Score
97.12%
Published
2016-01-02
Updated
2017-09-08
CISA KEV Added
2022-01-10

CVE-2015-4000

Public exploit
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Max CVSS
4.3
EPSS Score
97.46%
Published
2015-05-21
Updated
2023-02-09

CVE-2015-0235

Public exploit
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Max CVSS
10.0
EPSS Score
97.52%
Published
2015-01-28
Updated
2022-07-05

CVE-2014-3566

Public exploit
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Max CVSS
4.3
EPSS Score
97.49%
Published
2014-10-15
Updated
2023-09-12

CVE-2013-5447

Public exploit
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.
Max CVSS
6.8
EPSS Score
94.46%
Published
2013-12-10
Updated
2017-08-29

CVE-2013-4011

Public exploit
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
Max CVSS
7.2
EPSS Score
0.16%
Published
2013-07-18
Updated
2017-09-19

CVE-2013-3986

Public exploit
IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session.
Max CVSS
4.3
EPSS Score
1.05%
Published
2013-11-08
Updated
2017-08-29

CVE-2013-3982

Public exploit
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.
Max CVSS
5.0
EPSS Score
0.41%
Published
2014-05-26
Updated
2017-08-29

CVE-2013-3977

Public exploit
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.
Max CVSS
4.3
EPSS Score
0.57%
Published
2014-05-26
Updated
2017-08-29

CVE-2013-3975

Public exploit
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.
Max CVSS
5.0
EPSS Score
0.41%
Published
2014-05-26
Updated
2017-08-29

CVE-2012-5946

Public exploit
Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string.
Max CVSS
9.3
EPSS Score
96.42%
Published
2013-04-30
Updated
2017-08-29
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!