CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-9985 532 2017-03-08 2017-03-21
2.1
None Local Low Not required Partial None None
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.
2 CVE-2016-9739 255 2017-02-01 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user.
3 CVE-2016-9703 384 +Info 2017-02-01 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.
4 CVE-2016-9697 200 +Info 2017-03-20 2017-03-23
2.1
None Remote High Single system Partial None None
An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference #: 1999960.
5 CVE-2016-8981 200 +Info 2017-02-01 2017-02-13
2.1
None Local Low Not required Partial None None
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.
6 CVE-2016-8967 255 2017-02-01 2017-02-09
2.1
None Local Low Not required Partial None None
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.
7 CVE-2016-8963 200 +Info 2017-02-01 2017-02-13
2.1
None Local Low Not required Partial None None
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.
8 CVE-2016-6110 255 2017-02-01 2017-02-15
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager undisclosed unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
9 CVE-2016-6097 200 +Info 2017-02-07 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.
10 CVE-2016-6092 200 +Info 2017-02-07 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.
11 CVE-2016-6026 200 +Info 2016-10-06 2016-11-28
2.9
None Local Network Medium Not required Partial None None
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.
12 CVE-2016-5976 200 +Info 2016-09-26 2016-11-28
2.6
None Remote High Not required Partial None None
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors.
13 CVE-2016-5967 532 2016-11-24 2016-11-28
2.1
None Local Low Not required Partial None None
The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.
14 CVE-2016-5938 200 +Info 2017-02-01 2017-02-05
2.1
None Local Low Not required Partial None None
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.
15 CVE-2016-5927 200 +Info 2016-09-12 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output.
16 CVE-2016-3059 200 +Info 2016-08-07 2016-08-12
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI.
17 CVE-2016-3034 326 2017-02-01 2017-02-13
2.1
None Local Low Not required Partial None None
IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.
18 CVE-2016-3024 200 +Info 2017-02-01 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.
19 CVE-2016-3002 200 +Info 2016-11-30 2016-11-30
2.1
None Local Low Not required Partial None None
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.
20 CVE-2016-2981 200 +Info 2017-03-20 2017-03-23
2.1
None Local Low Not required Partial None None
An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.
21 CVE-2016-2949 200 +Info 2016-11-30 2016-12-02
2.1
None Local Low Not required Partial None None
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session.
22 CVE-2016-2941 200 Exec Code +Info 2017-02-01 2017-02-10
2.1
None Local Low Not required Partial None None
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.
23 CVE-2016-2894 200 +Info 2016-07-03 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions.
24 CVE-2016-2880 320 2017-03-01 2017-03-08
2.1
None Local Low Not required Partial None None
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.
25 CVE-2016-2879 326 2017-03-01 2017-03-03
2.1
None Local Low Not required Partial None None
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.
26 CVE-2016-2877 275 2016-11-30 2016-12-22
2.1
None Local Low Not required None Partial None
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file.
27 CVE-2016-0394 275 2017-02-01 2017-02-07
2.1
None Local Low Not required None Partial None
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
28 CVE-2016-0380 264 +Info 2016-08-07 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.
29 CVE-2016-0338 200 +Info 2016-07-15 2016-07-18
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process.
30 CVE-2016-0321 200 +Info 2016-07-17 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
31 CVE-2016-0296 532 2017-02-01 2017-02-05
2.1
None Local Low Not required Partial None None
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
32 CVE-2016-0292 200 +Info 2016-08-30 2016-08-30
2.1
None Local Low Not required Partial None None
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report.
33 CVE-2016-0287 254 2016-07-07 2016-11-28
2.1
None Local Low Not required Partial None None
IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors.
34 CVE-2016-0259 200 Bypass +Info 2016-06-26 2016-11-29
2.1
None Local Low Not required Partial None None
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.
35 CVE-2016-0247 200 Bypass +Info 2016-10-21 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information.
36 CVE-2016-0206 20 2017-02-08 2017-02-15
2.1
None Local Low Not required None None Partial
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.
37 CVE-2016-0203 200 +Info 2017-02-08 2017-02-15
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.
38 CVE-2016-0202 200 +Info 2017-02-08 2017-02-15
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.
39 CVE-2015-7488 200 +Info 2016-01-27 2016-01-27
2.1
None Local Low Not required Partial None None
IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.
40 CVE-2015-7473 284 Bypass 2016-06-26 2016-11-29
2.1
None Local Low Not required None Partial None
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.
41 CVE-2015-7462 255 2016-06-19 2016-11-29
2.1
None Local Low Not required Partial None None
IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.
42 CVE-2015-7437 200 +Info 2016-01-02 2016-01-07
2.1
None Local Low Not required Partial None None
Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors.
43 CVE-2015-7422 119 DoS Overflow 2016-01-02 2016-01-07
2.1
None Local Low Not required None None Partial
Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors.
44 CVE-2015-7418 200 +Info 2017-02-08 2017-02-14
2.1
None Local Low Not required Partial None None
IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.
45 CVE-2015-7416 20 DoS 2016-01-02 2016-01-05
2.1
None Local Low Not required None None Partial
AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file.
46 CVE-2015-7412 200 +Info 2015-11-08 2015-11-09
2.6
None Remote High Not required Partial None None
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attack.
47 CVE-2015-7408 264 2016-02-14 2016-03-10
2.6
None Remote High Not required Partial None None
The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.
48 CVE-2015-7403 DoS 2016-01-02 2016-12-05
2.1
None Local Low Not required None None Partial
IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.
49 CVE-2015-6557 200 +Info 2015-08-22 2015-08-24
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949.
50 CVE-2015-5013 200 +Info 2017-02-08 2017-02-14
2.1
None Local Low Not required Partial None None
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.
Total number of vulnerabilities : 179   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.