CVEdetails.com the ultimate security vulnerability data source

IBM : Security Vulnerabilities (CVSS score between 2 and 2.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1441 284 2017-08-30 2017-09-02
2.1
None Local Low Not required Partial None None
IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106.
2 CVE-2017-1434 200 +Info 2017-09-12 2017-09-20
2.1
None Local Low Not required Partial None None
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user.
3 CVE-2017-1422 200 +Info 2017-08-22 2017-08-29
2.1
None Local Low Not required Partial None None
IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412.
4 CVE-2017-1381 200 +Info 2017-07-21 2017-07-31
2.1
None Local Low Not required Partial None None
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.
5 CVE-2017-1349 200 +Info 2017-06-23 2017-06-27
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.
6 CVE-2017-1309 200 +Info 2017-07-19 2017-07-25
2.1
None Local Low Not required Partial None None
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 125463.
7 CVE-2017-1302 200 +Info 2017-06-23 2017-06-26
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user to view sensitive information due to improper access controls. IBM X-Force ID: 125456.
8 CVE-2017-1207 255 2017-07-05 2017-07-18
2.1
None Local Low Not required Partial None None
IBM WebSphere Message Broker stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 123777.
9 CVE-2017-1176 200 +Info 2017-07-05 2017-07-18
2.1
None Local Low Not required Partial None None
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299.
10 CVE-2017-1125 200 +Info 2017-06-07 2017-06-12
2.1
None Local Low Not required Partial None None
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose partial contents of a file. IBM X-Force ID: 121340.
11 CVE-2016-9985 532 2017-03-08 2017-03-21
2.1
None Local Low Not required Partial None None
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.
12 CVE-2016-9739 255 2017-02-01 2017-07-24
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager Virtual Appliance stores user credentials in plain clear text which can be read by a local user.
13 CVE-2016-9703 384 +Info 2017-02-01 2017-07-24
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.
14 CVE-2016-9697 200 +Info 2017-03-20 2017-03-23
2.1
None Remote High Single system Partial None None
An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference #: 1999960.
15 CVE-2016-8981 200 +Info 2017-02-01 2017-02-13
2.1
None Local Low Not required Partial None None
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.
16 CVE-2016-8967 255 2017-02-01 2017-02-09
2.1
None Local Low Not required Partial None None
IBM BigFix Inventory v9 9.2 stores user credentials in plain clear text which can be read by a local user.
17 CVE-2016-8963 200 +Info 2017-02-01 2017-02-13
2.1
None Local Low Not required Partial None None
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.
18 CVE-2016-8939 200 +Info 2017-06-07 2017-07-07
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.
19 CVE-2016-8916 200 +Info 2017-05-05 2017-05-17
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.
20 CVE-2016-6110 255 2017-02-01 2017-05-24
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager discloses unencrypted login credentials to VMware vCenter that could be obtained by a local user.
21 CVE-2016-6097 200 +Info 2017-02-07 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.
22 CVE-2016-6092 200 +Info 2017-02-07 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain clear text which can be read by a local user.
23 CVE-2016-6026 200 +Info 2016-10-06 2016-11-28
2.9
None Local Network Medium Not required Partial None None
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.
24 CVE-2016-5976 200 +Info 2016-09-26 2016-11-28
2.6
None Remote High Not required Partial None None
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors.
25 CVE-2016-5967 532 2016-11-24 2016-11-28
2.1
None Local Low Not required Partial None None
The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.
26 CVE-2016-5960 200 +Info 2017-06-07 2017-06-13
2.1
None Local Low Not required Partial None None
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 116171.
27 CVE-2016-5938 200 +Info 2017-02-01 2017-02-05
2.1
None Local Low Not required Partial None None
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.
28 CVE-2016-5927 200 +Info 2016-09-12 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output.
29 CVE-2016-5893 200 +Info 2017-06-23 2017-06-26
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.
30 CVE-2016-3059 200 +Info 2016-08-07 2017-08-31
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI.
31 CVE-2016-3034 326 2017-02-01 2017-02-13
2.1
None Local Low Not required Partial None None
IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.
32 CVE-2016-3024 200 +Info 2017-02-01 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.
33 CVE-2016-3002 200 +Info 2016-11-30 2016-11-30
2.1
None Local Low Not required Partial None None
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.
34 CVE-2016-2981 200 +Info 2017-03-20 2017-03-23
2.1
None Local Low Not required Partial None None
An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.
35 CVE-2016-2978 200 +Info 2017-08-29 2017-09-02
2.1
None Local Low Not required Partial None None
IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. IBM X-Force ID: 113938.
36 CVE-2016-2974 200 +Info 2017-08-29 2017-09-01
2.1
None Local Low Not required Partial None None
IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934.
37 CVE-2016-2972 255 2017-08-29 2017-09-06
2.1
None Local Low Not required Partial None None
IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855.
38 CVE-2016-2949 200 +Info 2016-11-30 2016-12-02
2.1
None Local Low Not required Partial None None
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session.
39 CVE-2016-2941 200 Exec Code +Info 2017-02-01 2017-02-10
2.1
None Local Low Not required Partial None None
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.
40 CVE-2016-2894 200 +Info 2016-07-03 2017-08-31
2.1
None Local Low Not required Partial None None
IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions.
41 CVE-2016-2880 320 2017-03-01 2017-03-08
2.1
None Local Low Not required Partial None None
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.
42 CVE-2016-2879 326 2017-03-01 2017-03-03
2.1
None Local Low Not required Partial None None
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.
43 CVE-2016-2877 275 2016-11-30 2016-12-22
2.1
None Local Low Not required None Partial None
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file.
44 CVE-2016-0394 275 2017-02-01 2017-02-07
2.1
None Local Low Not required None Partial None
IBM Integration Bus and WebSphere Message Broker set incorrect permissions for an object that could allow a local attacker to manipulate certain files.
45 CVE-2016-0382 200 +Info 2017-05-03 2017-05-12
2.1
None Local Low Not required Partial None None
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356.
46 CVE-2016-0380 264 +Info 2016-08-07 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.
47 CVE-2016-0338 200 +Info 2016-07-15 2017-08-31
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process.
48 CVE-2016-0321 200 +Info 2016-07-17 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
49 CVE-2016-0296 532 2017-02-01 2017-02-05
2.1
None Local Low Not required Partial None None
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
50 CVE-2016-0292 200 +Info 2016-08-30 2017-06-09
2.1
None Local Low Not required Partial None None
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report.
Total number of vulnerabilities: 197 (page 1 of 4)