Vulnerabilities in IBM

4,716 results
CVE-2018-1845 | HIGH | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML dat | EPSS 2.0%
CVE-2020-4269 | HIGH | IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inboun | EPSS 2.0%
CVE-2019-4481 | HIGH | IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote | EPSS 2.0%
CVE-2019-4483 | HIGH | IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote | EPSS 2.0%
CVE-2019-4130 | CRITICAL | IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbi | EPSS 2.0%
CVE-2018-1797 | MEDIUM | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse dire | EPSS 2.0%
CVE-2023-23477 | HIGH | IBM WebSphere Application Server code execution | EPSS 1.9%
CVE-2017-1743 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper han | EPSS 1.9%
CVE-2016-6087 | IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key E | EPSS 1.9%
CVE-2021-3723 | HIGH | A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 365 | EPSS 1.9%
CVE-2021-29679 | HIGH | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-cont | EPSS 1.9%
CVE-2020-4669 | HIGH | IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port | EPSS 1.9%
CVE-2019-4674 | MEDIUM | IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially- | EPSS 1.9%
CVE-2018-1906 | MEDIUM | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to download code using a specially crafted HTTP requ | EPSS 1.9%
CVE-2018-1775 | MEDIUM | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authen | EPSS 1.9%
CVE-2020-4240 | MEDIUM | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send | EPSS 1.9%
CVE-2021-29747 | MEDIUM | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the au | EPSS 1.9%
CVE-2020-4470 | HIGH | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which | EPSS 1.9%
CVE-2020-4465 | MEDIUM | IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an err | EPSS 1.9%
CVE-2019-4052 | HIGH | IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force | EPSS 1.9%