Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.
Max CVSS
3.7
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.
Max CVSS
3.7
EPSS Score
0.09%
Published
2023-06-07
Updated
2023-06-15
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.
Max CVSS
3.7
EPSS Score
0.06%
Published
2023-06-08
Updated
2023-06-16
IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: 256013.
Max CVSS
3.3
EPSS Score
0.04%
Published
2023-08-31
Updated
2023-09-01
IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.
Max CVSS
3.7
EPSS Score
0.05%
Published
2024-03-13
Updated
2024-03-13
IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.
Max CVSS
3.9
EPSS Score
0.04%
Published
2023-03-15
Updated
2023-03-19
IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214.
Max CVSS
3.3
EPSS Score
0.04%
Published
2022-11-03
Updated
2023-05-12
IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.
Max CVSS
3.8
EPSS Score
0.05%
Published
2022-07-14
Updated
2022-07-20
IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718.
Max CVSS
3.3
EPSS Score
0.04%
Published
2022-06-10
Updated
2022-06-17
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.
Max CVSS
3.3
EPSS Score
0.04%
Published
2020-09-30
Updated
2020-10-02
IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746.
Max CVSS
3.3
EPSS Score
0.04%
Published
2020-08-28
Updated
2021-07-21
IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318.
Max CVSS
3.3
EPSS Score
0.04%
Published
2020-05-17
Updated
2020-05-18
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromised the confidentiality and integrity of the service. IBM X-Force ID: 161486
Max CVSS
3.6
EPSS Score
0.05%
Published
2020-11-03
Updated
2020-11-10
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.
Max CVSS
3.5
EPSS Score
0.05%
Published
2019-09-17
Updated
2022-12-09
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to obtain sensitive document information under unusual circumstances. IBM X-Force ID: 158401.
Max CVSS
3.5
EPSS Score
0.06%
Published
2019-04-25
Updated
2023-01-30
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007
Max CVSS
3.3
EPSS Score
0.04%
Published
2019-05-20
Updated
2019-10-09
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.
Max CVSS
3.6
EPSS Score
0.06%
Published
2018-11-09
Updated
2019-10-09
IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440.
Max CVSS
3.2
EPSS Score
0.04%
Published
2020-11-05
Updated
2020-11-12
IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138377.
Max CVSS
3.5
EPSS Score
0.05%
Published
2018-02-22
Updated
2018-03-12
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.
Max CVSS
3.3
EPSS Score
0.04%
Published
2017-12-13
Updated
2019-10-03
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.
Max CVSS
3.6
EPSS Score
0.04%
Published
2018-01-04
Updated
2019-10-03
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003.
Max CVSS
3.3
EPSS Score
0.04%
Published
2018-01-11
Updated
2018-02-10
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.
Max CVSS
3.3
EPSS Score
0.06%
Published
2018-01-11
Updated
2018-02-01
IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412.
Max CVSS
3.3
EPSS Score
0.05%
Published
2017-08-22
Updated
2017-08-30
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.
Max CVSS
3.3
EPSS Score
0.04%
Published
2017-07-21
Updated
2019-05-03
319 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!