Vulnerabilities in IBM
4,716 results

CVE-2021-20509 | HIGH | IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands o | EPSS 1.7%
CVE-2018-1969 | CRITICAL | IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed w | EPSS 1.7%
CVE-2017-1633 | MEDIUM | IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using spec | EPSS 1.7%
CVE-2020-4795 | MEDIUM | IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially craft | EPSS 1.7%
CVE-2016-2983 | — | IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TL | EPSS 1.7%
CVE-2020-4310 | MEDIUM | IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the D | EPSS 1.7%
CVE-2019-4762 | MEDIUM | IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID: 173625. | EPSS 1.7%
CVE-2017-1328 | — | IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of s | EPSS 1.7%
CVE-2017-1774 | — | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sensitive information to unauthorized users. The information can be used | EPSS 1.7%
CVE-2016-9711 | MEDIUM | IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an a | EPSS 1.7%
CVE-2018-1387 | MEDIUM | IBM Application Performance Management for Monitoring & Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to | EPSS 1.7%
CVE-2017-1625 | MEDIUM | IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to unauthorized users. The information can be used to mount further attac | EPSS 1.7%
CVE-2017-1395 | MEDIUM | IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive in | EPSS 1.7%
CVE-2017-1503 | — | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit th | EPSS 1.7%
CVE-2020-4271 | MEDIUM | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower p | EPSS 1.7%
CVE-2017-1519 | — | IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup | EPSS 1.7%
CVE-2020-4572 | MEDIUM | IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error | EPSS 1.7%
CVE-2018-1784 | HIGH | IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807 | EPSS 1.7%
CVE-2020-4876 | HIGH | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A | EPSS 1.7%
CVE-2020-4875 | HIGH | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A | EPSS 1.7%