CVEdetails.com the ultimate security vulnerability data source

IBM : Security Vulnerabilities (CVSS score between 2 and 2.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2019-4566 312 2019-09-24 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 166627.
2 CVE-2019-4420 200 +Info 2019-08-20 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.
3 CVE-2019-4385 200 +Info 2019-06-19 2019-06-27
2.1
None Local Low Not required Partial None None
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.
4 CVE-2019-4381 255 +Info 2019-06-14 2019-06-18
2.1
None Local Low Not required Partial None None
IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159.
5 CVE-2019-4284 532 2019-08-05 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain a sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.
6 CVE-2019-4275 285 DoS 2019-08-02 2019-10-09
2.1
None Local Low Not required None None Partial
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296.
7 CVE-2019-4265 922 2019-10-10 2019-10-10
2.1
None Local Low Not required Partial None None
IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.
8 CVE-2019-4259 200 +Info 2019-05-13 2019-10-09
2.1
None Local Low Not required Partial None None
A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.
9 CVE-2019-4239 255 2019-06-14 2019-10-09
2.1
None Local Low Not required Partial None None
IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 159465.
10 CVE-2019-4236 19 2019-07-22 2019-10-09
2.1
None Local Low Not required Partial None None
An IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object silently skips Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418.
11 CVE-2019-4225 532 2019-06-26 2019-10-09
2.1
None Local Low Not required Partial None None
IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.
12 CVE-2019-4220 798 2019-06-05 2019-10-09
2.1
None Local Low Not required Partial None None
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.
13 CVE-2019-4218 200 +Info 2019-06-06 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 159227.
14 CVE-2019-4207 200 +Info 2019-05-07 2019-10-09
2.1
None Local Low Not required Partial None None
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148.
15 CVE-2019-4177 200 +Info 2019-06-17 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882.
16 CVE-2019-4174 200 +Info 2019-06-17 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.
17 CVE-2019-4161 200 +Info 2019-06-06 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 158660.
18 CVE-2019-4143 532 2019-04-08 2019-04-10
2.1
None Local Low Not required Partial None None
The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive information from the KMS plugin container log. IBM X-Force ID: 158348.
19 CVE-2019-4132 200 +Info 2019-08-29 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Cloud Automation Manager 3.1.2 could allow a user to be improperly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274.
20 CVE-2019-4118 200 +Info 2019-07-11 2019-07-15
2.1
None Local Low Not required Partial None None
IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144.
21 CVE-2019-4116 200 +Info 2019-07-25 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be used for further attacks against the system. IBM X-Force ID: 158115.
22 CVE-2019-4112 200 +Info 2019-09-30 2019-10-09
2.1
None Local Low Not required Partial None None
IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105.
23 CVE-2019-4101 20 DoS 2019-07-01 2019-07-04
2.1
None Local Low Not required None None Partial
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091.
24 CVE-2019-4054 200 +Info 2019-07-17 2019-10-09
2.1
None Local Low Not required Partial None None
IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563.
25 CVE-2019-4049 20 DoS 2019-08-20 2019-10-09
2.1
None Local Low Not required None None Partial
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.
26 CVE-2019-4048 200 +Info 2019-06-05 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
27 CVE-2019-4039 532 DoS 2019-05-23 2019-10-09
2.1
None Local Low Not required None None Partial
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.
28 CVE-2018-2005 200 +Info 2019-05-20 2019-10-09
2.1
None Local Low Not required Partial None None
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007.
29 CVE-2018-1993 200 +Info 2019-01-08 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may cause a read operation on a file to return data from a different file. IBM X-Force ID: 154440.
30 CVE-2018-1962 384 2019-02-04 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to log in to a closed browser session. IBM X-Force ID: 153658.
31 CVE-2018-1957 200 +Info 2018-12-10 2019-10-09
2.1
None Local Low Not required Partial None None
IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. IBM X-Force ID: 153629.
32 CVE-2018-1938 311 2019-03-05 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318.
33 CVE-2018-1937 311 2019-03-05 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317.
34 CVE-2018-1928 2018-11-30 2019-10-09
2.1
None Local Low Not required None Partial None
IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119.
35 CVE-2018-1877 312 2018-11-02 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.
36 CVE-2018-1876 532 2018-11-02 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Robotic Process Automation with Automation Anywhere 11 could, under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707.
37 CVE-2018-1874 200 +Info 2019-04-02 2019-10-09
2.1
None Local Low Not required Partial None None
IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.
38 CVE-2018-1841 200 +Info 2018-11-19 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901.
39 CVE-2018-1787 275 2019-04-08 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vulnerability caused by insecure file permissions. IBM X-Force ID: 148872.
40 CVE-2018-1783 668 2018-10-05 2019-10-02
2.1
None Local Low Not required None None Partial
IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.
41 CVE-2018-1768 532 2018-09-26 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation; the user ID and password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622.
42 CVE-2018-1723 200 +Info 2018-10-05 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.
43 CVE-2018-1677 20 DoS 2018-12-20 2019-10-09
2.1
None Local Low Not required None None Partial
IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171.
44 CVE-2018-1664 2018-09-25 2019-10-09
2.1
None Local Low Not required Partial None None
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890.
45 CVE-2018-1655 200 +Info 2018-06-22 2019-10-09
2.1
None Local Low Not required Partial None None
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.
46 CVE-2018-1652 20 DoS 2018-12-11 2019-10-09
2.1
None Local Low Not required None None Partial
IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724.
47 CVE-2018-1650 798 Bypass 2018-12-05 2019-10-09
2.1
None Local Low Not required Partial None None
IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.
48 CVE-2018-1623 200 +Info 2019-04-02 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408.
49 CVE-2018-1621 312 2018-07-06 2019-10-09
2.1
None Local Low Not required Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.
50 CVE-2018-1568 200 +Info 2018-12-05 2019-10-09
2.1
None Local Low Not required Partial None None
IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118.
Total number of vulnerabilities: 295. Page 1 of 6.