IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.
Max CVSS
2.4
EPSS Score
0.04%
Published
2024-02-21
Updated
2024-02-22
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.
Max CVSS
3.7
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.
Max CVSS
3.7
EPSS Score
0.09%
Published
2023-06-07
Updated
2023-06-15
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.
Max CVSS
3.7
EPSS Score
0.06%
Published
2023-06-08
Updated
2023-06-16
IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in clear text which can be read by a local user. IBM X-Force ID: 256013.
Max CVSS
3.3
EPSS Score
0.04%
Published
2023-08-31
Updated
2023-09-01
IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.
Max CVSS
3.7
EPSS Score
0.05%
Published
2024-03-13
Updated
2024-03-13
IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens not being invalidated after a password reset. IBM X-Force ID: 243710.
Max CVSS
3.9
EPSS Score
0.04%
Published
2023-03-15
Updated
2023-03-19
IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214.
Max CVSS
3.3
EPSS Score
0.04%
Published
2022-11-03
Updated
2023-05-12
IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507.
Max CVSS
2.7
EPSS Score
0.04%
Published
2024-03-22
Updated
2024-03-22
IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.
Max CVSS
3.8
EPSS Score
0.05%
Published
2022-07-14
Updated
2022-07-20
IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718.
Max CVSS
3.3
EPSS Score
0.04%
Published
2022-06-10
Updated
2022-06-17
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.
Max CVSS
3.3
EPSS Score
0.04%
Published
2020-09-30
Updated
2020-10-02
IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746.
Max CVSS
3.3
EPSS Score
0.04%
Published
2020-08-28
Updated
2021-07-21
IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318.
Max CVSS
3.3
EPSS Score
0.04%
Published
2020-05-17
Updated
2020-05-18
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908.
Max CVSS
2.4
EPSS Score
0.05%
Published
2020-03-03
Updated
2020-03-03
IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248.
Max CVSS
2.3
EPSS Score
0.04%
Published
2020-02-13
Updated
2020-08-24
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.
Max CVSS
2.3
EPSS Score
0.04%
Published
2019-10-25
Updated
2021-07-21
IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of the application source code. IBM X-Force ID: 161494.
Max CVSS
2.4
EPSS Score
0.05%
Published
2022-02-16
Updated
2022-02-23
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromise the confidentiality and integrity of the service. IBM X-Force ID: 161486.
Max CVSS
3.6
EPSS Score
0.05%
Published
2020-11-03
Updated
2020-11-10
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.
Max CVSS
3.5
EPSS Score
0.05%
Published
2019-09-17
Updated
2022-12-09
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160199.
Max CVSS
2.4
EPSS Score
0.05%
Published
2020-05-06
Updated
2020-05-08
IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.
Max CVSS
2.4
EPSS Score
0.05%
Published
2019-10-10
Updated
2020-04-30
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to obtain sensitive document information under unusual circumstances. IBM X-Force ID: 158401.
Max CVSS
3.5
EPSS Score
0.06%
Published
2019-04-25
Updated
2023-01-30
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
Max CVSS
2.1
EPSS Score
0.04%
Published
2019-06-06
Updated
2022-12-09
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007.
Max CVSS
3.3
EPSS Score
0.04%
Published
2019-05-20
Updated
2019-10-09
504 vulnerabilities found