Vulnerabilities in IBM

4,716 results
CVE-2020-4876  HIGH  EPSS 1.7%
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A

CVE-2019-4203  HIGH  EPSS 1.7%
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and pot

CVE-2021-20574  HIGH  EPSS 1.7%
IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a spec

CVE-2020-4638  HIGH  EPSS 1.7%
IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organizati

CVE-2020-4239  MEDIUM  EPSS 1.7%
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical e

CVE-2018-1757  MEDIUM  EPSS 1.7%
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing a

CVE-2015-0102  EPSS 1.7%
IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers

CVE-2019-4169  HIGH  EPSS 1.7%
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was change

CVE-2019-4051  MEDIUM  EPSS 1.7%
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem pa

CVE-2020-4616  MEDIUM  EPSS 1.7%
IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM

CVE-2019-4422  HIGH  EPSS 1.7%
IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the acce

CVE-2017-1666  EPSS 1.7%
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A

CVE-2018-1833  MEDIUM  EPSS 1.7%
IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host request header. An attacker, who has alre

CVE-2020-4958  HIGH  EPSS 1.7%
IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user

CVE-2018-1674  MEDIUM  EPSS 1.7%
IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send spe

CVE-2018-1699  MEDIUM  EPSS 1.7%
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements,

CVE-2020-4870  MEDIUM  EPSS 1.7%
IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 19

CVE-2019-4059  HIGH  EPSS 1.7%
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the pass

CVE-2021-29703  HIGH  EPSS 1.7%
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when

CVE-2017-1310  EPSS 1.7%
IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to