| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
5601 |
CVE-2019-4167 |
352 |
|
CSRF |
2019-08-20 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700. |
|
5602 |
CVE-2019-4166 |
601 |
|
+Info |
2019-04-30 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699. |
|
5603 |
CVE-2019-4165 |
20 |
|
DoS |
2019-07-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-Force ID: 158698. |
|
5604 |
CVE-2019-4163 |
200 |
|
+Info |
2019-07-31 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow an authenticated user to obtain sensitive information that a privileged user should only be allowed to view. IBM X-Force ID: 158696. |
|
5605 |
CVE-2019-4162 |
20 |
|
|
2019-06-06 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661. |
|
5606 |
CVE-2019-4158 |
264 |
|
|
2019-06-25 |
2019-10-09 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574. |
|
5607 |
CVE-2019-4157 |
79 |
|
XSS |
2019-06-25 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573. |
|
5608 |
CVE-2019-4156 |
200 |
|
+Info |
2019-06-25 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572. |
|
5609 |
CVE-2019-4155 |
264 |
|
|
2019-04-08 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544. |
|
5610 |
CVE-2019-4154 |
119 |
|
Exec Code Overflow |
2019-07-01 |
2019-07-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519. |
|
5611 |
CVE-2019-4151 |
326 |
|
|
2019-06-25 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512. |
|
5612 |
CVE-2019-4150 |
295 |
|
|
2019-06-25 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510. |
|
5613 |
CVE-2019-4147 |
89 |
|
Sql |
2019-09-16 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413. |
|
5614 |
CVE-2019-4142 |
352 |
|
CSRF |
2019-06-18 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338. |
|
5615 |
CVE-2019-4141 |
400 |
|
DoS |
2019-09-27 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337. |
|
5616 |
CVE-2019-4138 |
200 |
|
+Info |
2019-05-29 |
2019-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 158334. |
|
5617 |
CVE-2019-4137 |
79 |
|
XSS |
2019-05-29 |
2019-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158333. |
|
5618 |
CVE-2019-4135 |
264 |
|
|
2019-06-25 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331. |
|
5619 |
CVE-2019-4134 |
79 |
|
XSS |
2019-07-02 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281. |
|
5620 |
CVE-2019-4131 |
20 |
|
|
2019-07-11 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270. |
|
5621 |
CVE-2019-4129 |
200 |
|
+Info |
2019-07-02 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279. |
|
5622 |
CVE-2019-4119 |
20 |
|
|
2019-05-17 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145. |
|
5623 |
CVE-2019-4117 |
352 |
|
CSRF |
2019-08-20 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116. |
|
5624 |
CVE-2019-4109 |
1021 |
|
|
2019-09-30 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102. |
|
5625 |
CVE-2019-4103 |
264 |
|
Exec Code |
2019-06-17 |
2019-10-09 |
7.7 |
None |
Local Network |
Low |
Single system |
Complete |
Complete |
Complete |
|
IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command by low privileged User. Remote code execution allow to execute arbitrary code on system which lead to take control over the system. IBM X-Force ID: 158094. |
|
5626 |
CVE-2019-4102 |
326 |
|
|
2019-07-01 |
2019-07-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. |
|
5627 |
CVE-2019-4094 |
264 |
|
|
2019-03-21 |
2019-10-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014. |
|
5628 |
CVE-2019-4092 |
601 |
|
+Info |
2019-04-25 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654. |
|
5629 |
CVE-2019-4088 |
264 |
|
+Priv |
2019-07-02 |
2019-10-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511. |
|
5630 |
CVE-2019-4087 |
119 |
|
Exec Code Overflow |
2019-07-02 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. IBM X-Force ID: 157510. |
|
5631 |
CVE-2019-4086 |
1021 |
|
|
2019-09-17 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. |
|
5632 |
CVE-2019-4084 |
200 |
|
+Info |
2019-06-27 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384. |
|
5633 |
CVE-2019-4080 |
400 |
|
DoS |
2019-04-02 |
2019-10-09 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380. |
|
5634 |
CVE-2019-4078 |
264 |
|
Exec Code |
2019-05-23 |
2019-10-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190. |
|
5635 |
CVE-2019-4072 |
613 |
|
|
2019-05-09 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064. |
|
5636 |
CVE-2019-4071 |
77 |
|
Exec Code |
2019-05-09 |
2019-10-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063. |
|
5637 |
CVE-2019-4069 |
434 |
|
|
2019-06-07 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014. |
|
5638 |
CVE-2019-4068 |
200 |
|
+Info |
2019-06-07 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013. |
|
5639 |
CVE-2019-4067 |
200 |
|
+Info |
2019-06-07 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012. |
|
5640 |
CVE-2019-4066 |
20 |
|
Exec Code |
2019-06-07 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011. |
|
5641 |
CVE-2019-4063 |
200 |
|
+Info |
2019-03-05 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008. |
|
5642 |
CVE-2019-4062 |
611 |
|
|
2019-07-30 |
2019-10-09 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007. |
|
5643 |
CVE-2019-4061 |
287 |
|
|
2019-02-27 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869. |
|
5644 |
CVE-2019-4059 |
255 |
|
|
2019-02-15 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583. |
|
5645 |
CVE-2019-4058 |
254 |
|
|
2019-05-20 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570. |
|
5646 |
CVE-2019-4057 |
264 |
|
Exec Code |
2019-07-01 |
2019-10-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567. |
|
5647 |
CVE-2019-4056 |
434 |
|
|
2019-06-05 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565. |
|
5648 |
CVE-2019-4055 |
20 |
|
DoS |
2019-04-19 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. |
|
5649 |
CVE-2019-4052 |
200 |
|
+Info |
2019-03-22 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544. |
|
5650 |
CVE-2019-4051 |
200 |
|
+Info |
2019-04-08 |
2019-04-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542. |
