Vulnerabilities in IBM
4,716 results

CVE-2018-1542 | HIGH | IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 | EPSS 2.4%
CVE-2018-2019 | HIGH | IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data | EPSS 2.4%
CVE-2018-1424 | HIGH | IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remo | EPSS 2.4%
CVE-2020-4854 | CRITICAL | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for | EPSS 2.4%
CVE-2017-1788 | MEDIUM | IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: | EPSS 2.4%
CVE-2018-1719 | MEDIUM | IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a do | EPSS 2.4%
CVE-2018-1398 | MEDIUM | IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive informati | EPSS 2.4%
CVE-2019-4724 | MEDIUM | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete sett | EPSS 2.4%
CVE-2019-4723 | MEDIUM | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete sett | EPSS 2.4%
CVE-2019-4505 | LOW | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, ca | EPSS 2.4%
CVE-2017-1192 | — | IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker c | EPSS 2.3%
CVE-2018-1437 | HIGH | IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted sear | EPSS 2.3%
CVE-2017-1322 | — | IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exp | EPSS 2.3%
CVE-2016-9736 | — | IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. | EPSS 2.3%
CVE-2020-4567 | HIGH | IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force | EPSS 2.3%
CVE-2020-4689 | MEDIUM | IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caus | EPSS 2.3%
CVE-2020-5023 | HIGH | IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data which could cause the service to crash d | EPSS 2.3%
CVE-2018-1973 | HIGH | IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' l | EPSS 2.3%
CVE-2019-4210 | CRITICAL | IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure | EPSS 2.3%
CVE-2017-1499 | — | IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute | EPSS 2.3%