CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-29903 89 Sql 2021-10-06 2021-10-14
7.5
None Remote Low Not required Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506.
2 CVE-2021-29801 +Priv 2021-08-26 2021-09-07
7.2
None Local Low Not required Complete Complete Complete
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977.
3 CVE-2021-29772 94 2021-08-26 2021-09-01
7.5
None Remote Low Not required Partial Partial Partial
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.
4 CVE-2021-29741 269 +Priv 2021-08-02 2021-08-31
7.2
None Local Low Not required Complete Complete Complete
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force ID: 201478.
5 CVE-2021-29740 134 Exec Code 2021-06-01 2021-06-07
7.2
None Local Low Not required Complete Complete Complete
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.
6 CVE-2021-29707 269 2021-07-19 2021-07-26
7.2
None Local Low Not required Complete Complete Complete
IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879.
7 CVE-2021-29672 787 Exec Code Overflow 2021-04-26 2021-04-27
7.2
None Local Low Not required Complete Complete Complete
IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479
8 CVE-2020-27583 502 Exec Code 2021-01-26 2021-02-02
7.5
None Remote Low Not required Partial Partial Partial
** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
9 CVE-2020-7621 74 Exec Code 2020-04-02 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function.
10 CVE-2020-4988 DoS Exec Code 2020-12-21 2020-12-22
7.5
None Remote Low Not required Partial Partial Partial
Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706.
11 CVE-2020-4958 306 2021-01-21 2021-01-28
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 192209.
12 CVE-2020-4829 +Priv 2020-12-10 2021-08-31
7.2
None Local Low Not required Complete Complete Complete
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.
13 CVE-2020-4747 287 2020-12-15 2020-12-17
7.5
None Remote Low Not required Partial Partial Partial
IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. IBM X-Force ID: 188516.
14 CVE-2020-4690 798 2021-09-23 2021-09-29
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.
15 CVE-2020-4587 787 2020-08-24 2020-08-27
7.2
None Local Low Not required Complete Complete Complete
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.
16 CVE-2020-4561 829 2021-06-01 2021-12-02
7.5
None Remote Low Not required Partial Partial Partial
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.
17 CVE-2020-4534 269 Exec Code +Priv 2020-08-03 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808.
18 CVE-2020-4499 862 Bypass 2020-10-15 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.
19 CVE-2020-4493 287 Bypass 2020-10-05 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995.
20 CVE-2020-4459 798 2020-08-04 2020-08-06
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395.
21 CVE-2020-4385 798 2020-07-22 2020-07-24
7.5
None Remote Low Not required Partial Partial Partial
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266.
22 CVE-2020-4347 269 2020-04-16 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412.
23 CVE-2020-4229 384 2020-06-05 2020-06-10
7.5
None Remote Low Not required Partial Partial Partial
IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211.
24 CVE-2020-4216 798 2020-06-15 2020-06-17
7.5
None Remote Low Not required Partial Partial Partial
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066.
25 CVE-2020-4208 798 2020-03-31 2020-03-31
7.5
None Remote Low Not required Partial Partial Partial
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975.
26 CVE-2020-4184 269 2021-03-15 2021-03-17
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802..
27 CVE-2020-4177 798 2020-06-03 2020-06-03
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174732.
28 CVE-2019-4694 798 2020-08-26 2020-08-27
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832.
29 CVE-2019-4675 798 2020-02-04 2020-02-12
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511.
30 CVE-2019-4651 89 Sql 2020-01-09 2020-01-14
7.5
None Remote Low Not required Partial Partial Partial
IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962.
31 CVE-2019-4558 74 2019-10-09 2019-10-11
7.2
None Local Low Not required Complete Complete Complete
A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.
32 CVE-2019-4483 89 Sql 2019-08-20 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.
33 CVE-2019-4481 89 Sql 2019-08-20 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.
34 CVE-2019-4357 Exec Code 2019-07-01 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,
35 CVE-2019-4322 119 Exec Code Overflow 2019-07-01 2019-07-03
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.
36 CVE-2019-4294 78 Exec Code 2019-08-20 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188.
37 CVE-2019-4267 119 Exec Code Overflow 2019-07-22 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. This could allow execution of arbitrary code on the local system or the application to crash. IBM X-Force ID: 160200.
38 CVE-2019-4253 +Priv 2019-08-20 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941.
39 CVE-2019-4227 384 2019-10-04 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.
40 CVE-2019-4183 400 DoS 2019-09-17 2019-10-09
7.8
None Remote Low Not required None None Complete
IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.
41 CVE-2019-4155 2019-04-08 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544.
42 CVE-2019-4103 Exec Code 2019-06-17 2020-08-24
7.7
None Local Network Low ??? Complete Complete Complete
IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command by low privileged User. Remote code execution allow to execute arbitrary code on system which lead to take control over the system. IBM X-Force ID: 158094.
43 CVE-2019-4088 +Priv 2019-07-02 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511.
44 CVE-2019-4078 732 Exec Code 2019-05-23 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.
45 CVE-2019-4032 89 Sql 2019-03-05 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998.
46 CVE-2019-4031 +Priv 2019-10-16 2021-06-07
7.2
None Local Low Not required Complete Complete Complete
IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997.
47 CVE-2019-4012 89 Sql 2019-04-15 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886.
48 CVE-2018-1998 78 Exec Code 2019-03-11 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.
49 CVE-2018-1994 89 Sql 2019-04-10 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.
50 CVE-2018-1944 798 2019-02-21 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153386.
Total number of vulnerabilities : 535   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.