# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2022-33953 | 522 | | +Info | 2022-06-24 | 2022-07-05 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198.
2 | CVE-2022-22444 | | | DoS | 2022-06-15 | 2022-06-23 | 2.1 | None | Local | Low | Not required | None | None | Partial
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444.
3 | CVE-2022-22367 | 312 | | | 2022-07-01 | 2022-07-08 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.
4 | CVE-2022-22366 | 312 | | | 2022-07-01 | 2022-07-08 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.
5 | CVE-2022-22350 | | | DoS | 2022-03-02 | 2022-03-09 | 2.1 | None | Local | Low | Not required | None | None | Partial
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394.
6 | CVE-2022-22328 | 269 | | | 2022-04-01 | 2022-06-01 | 2.1 | None | Local | Low | Not required | None | Partial | None
IBM Sterling Partner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations on another user's data. IBM X-Force ID: 218871.
7 | CVE-2022-22321 | 522 | | | 2022-03-01 | 2022-03-09 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users are stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.
8 | CVE-2021-39000 | 200 | | +Info | 2021-11-30 | 2021-11-30 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.
9 | CVE-2021-38999 | 200 | | +Info | 2021-11-30 | 2021-11-30 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.
10 | CVE-2021-38996 | | | DoS | 2022-03-02 | 2022-03-09 | 2.1 | None | Local | Low | Not required | None | None | Partial
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076.
11 | CVE-2021-38995 | | | DoS | 2022-02-24 | 2022-03-03 | 2.1 | None | Local | Low | Not required | None | None | Partial
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213073.
12 | CVE-2021-38994 | | | DoS | 2022-02-24 | 2022-03-03 | 2.1 | None | Local | Low | Not required | None | None | Partial
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072.
13 | CVE-2021-38993 | | | DoS | 2022-02-25 | 2022-03-04 | 2.1 | None | Local | Low | Not required | None | None | Partial
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962.
14 | CVE-2021-38958 | | | DoS | 2021-11-30 | 2021-11-30 | 2.1 | None | Local | Low | Not required | None | None | Partial
IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042
15 | CVE-2021-38955 | | | DoS | 2022-03-01 | 2022-07-12 | 2.1 | None | Local | Low | Not required | None | None | Partial
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.
16 | CVE-2021-38901 | 200 | | +Info | 2021-12-13 | 2021-12-15 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.
17 | CVE-2021-38899 | 200 | | +Info | 2021-09-20 | 2021-09-28 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575.
18 | CVE-2021-38863 | 522 | | | 2021-09-23 | 2021-09-29 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154.
19 | CVE-2021-29868 | 613 | | +Info | 2021-10-27 | 2021-11-02 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213.
20 | CVE-2021-29861 | | | | 2021-11-17 | 2021-11-19 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085.
21 | CVE-2021-29860 | | | | 2021-11-17 | 2021-11-18 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084.
22 | CVE-2021-29759 | 532 | | +Info | 2021-07-07 | 2021-07-15 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.
23 | CVE-2021-29693 | | | DoS | 2021-06-28 | 2022-07-12 | 2.1 | None | Local | Low | Not required | None | None | Partial
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255.
24 | CVE-2021-20575 | 922 | | | 2021-06-01 | 2021-06-07 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.
25 | CVE-2021-20546 | 787 | | Overflow | 2021-04-26 | 2021-04-28 | 2.1 | None | Local | Low | Not required | None | None | Partial
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934
26 | CVE-2021-20491 | 787 | | Overflow | 2021-04-16 | 2021-04-21 | 2.1 | None | Local | Low | Not required | None | None | Partial
IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.
27 | CVE-2021-20478 | 200 | | +Info | 2021-07-20 | 2021-07-29 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497.
28 | CVE-2021-20435 | 295 | | +Info | 2021-09-23 | 2021-09-29 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355.
29 | CVE-2021-20434 | 522 | | | 2021-09-23 | 2021-09-29 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346.
30 | CVE-2021-20396 | 922 | | | 2021-06-11 | 2021-06-21 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.
31 | CVE-2021-20391 | 922 | | | 2021-05-14 | 2021-05-20 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.
32 | CVE-2020-4996 | | | +Info | 2021-02-09 | 2021-02-11 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913.
33 | CVE-2020-4956 | 400 | | DoS | 2021-02-15 | 2021-02-17 | 2.3 | None | Local Network | Medium | ??? | None | None | Partial
IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.
34 | CVE-2020-4951 | 200 | | +Info | 2021-10-15 | 2021-11-17 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Cognos Analytics 11.1.7 and 11.2.0 contain locally cached browser data that could allow a local attacker to obtain sensitive information.
35 | CVE-2020-4944 | 312 | | | 2021-03-30 | 2021-10-18 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.
36 | CVE-2020-4918 | 434 | | | 2021-01-04 | 2021-07-21 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in self service console for the Platform System Manager. IBM X-Force ID: 191392.
37 | CVE-2020-4913 | 522 | | | 2021-01-04 | 2021-07-21 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.
38 | CVE-2020-4906 | 922 | | | 2020-12-16 | 2020-12-17 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.
39 | CVE-2020-4900 | 532 | | | 2020-11-30 | 2020-12-02 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991.
40 | CVE-2020-4891 | 307 | | | 2021-03-16 | 2021-03-22 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user to brute force REST API account credentials. IBM X-Force ID: 190974.
41 | CVE-2020-4890 | | | DoS | 2021-03-16 | 2022-07-12 | 2.1 | None | Local | Low | Not required | None | None | Partial
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absent rate limiting. IBM X-Force ID: 190973.
42 | CVE-2020-4887 | | | | 2021-01-20 | 2021-08-31 | 2.1 | None | Local | Low | Not required | None | Partial | None
IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911.
43 | CVE-2020-4886 | 922 | | +Info | 2020-11-13 | 2020-11-17 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.
44 | CVE-2020-4884 | 312 | | | 2021-03-30 | 2021-04-01 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 190908.
45 | CVE-2020-4871 | 200 | | +Info | 2021-01-19 | 2021-07-21 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.
46 | CVE-2020-4851 | 74 | | | 2021-03-16 | 2021-03-22 | 2.1 | None | Local | Low | Not required | None | Partial | None
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450.
47 | CVE-2020-4809 | 922 | | | 2021-09-23 | 2021-09-28 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633.
48 | CVE-2020-4805 | 922 | | | 2021-09-23 | 2021-09-28 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.
49 | CVE-2020-4803 | 922 | | | 2021-09-23 | 2021-09-28 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535.
50 | CVE-2020-4787 | 918 | | | 2021-01-27 | 2021-02-02 | 2.1 | None | Local | Low | Not required | Partial | None | None
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.