IBM Vulnerabilities
4716 results

CVE | Severity | Description | EPSS
CVE-2018-1453 | HIGH | IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can | EPSS 2.1%
CVE-2020-4377 | HIGH | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker | EPSS 2.1%
CVE-2021-20492 | MEDIUM | IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when p | EPSS 2.1%
CVE-2019-4386 | MEDIUM | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would ca | EPSS 2.1%
CVE-2019-4442 | MEDIUM | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacke | EPSS 2.1%
CVE-2019-4066 | HIGH | IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenticated user to create arbitrary users which could cause ID | EPSS 2.1%
CVE-2019-4545 | HIGH | IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Authentication may be susceptible to spoofing attacks. IBM X-Force ID: 1 | EPSS 2.1%
CVE-2018-1847 | MEDIUM | IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4 | EPSS 2.1%
CVE-2020-4481 | HIGH | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when proces | EPSS 2.0%
CVE-2021-29688 | MEDIUM | IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is | EPSS 2.0%
CVE-2020-4576 | MEDIUM | IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a spe | EPSS 2.0%
CVE-2017-1501 | — | IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the w | EPSS 2.0%
CVE-2018-1375 | MEDIUM | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lea | EPSS 2.0%
CVE-2017-1379 | — | IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Develo | EPSS 2.0%
CVE-2020-4747 | HIGH | IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to im | EPSS 2.0%
CVE-2020-4512 | CRITICAL | IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands. | EPSS 2.0%
CVE-2020-5024 | HIGH | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to | EPSS 2.0%
CVE-2017-1597 | MEDIUM | IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have | EPSS 2.0%
CVE-2018-1956 | MEDIUM | IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers | EPSS 2.0%
CVE-2018-1503 | MEDIUM | IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to send invalid or malformed headers that could cause me | EPSS 2.0%