IBM : Security Vulnerabilities (CVSS score between 4 and 4.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
(Score and the metrics from Gained Access Level onward are CVSS v2 base values; the # of Exploits column is empty for every entry on this page.)
1 CVE-2019-4564 79 XSS 2019-10-04 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2 CVE-2019-4542 79 XSS 2019-10-02 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815.
3 CVE-2019-4515 352 CSRF 2019-09-24 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137.
4 CVE-2019-4512 209 2019-10-09 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
5 CVE-2019-4485 200 +Info 2019-08-20 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
6 CVE-2019-4484 200 +Info 2019-08-20 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
7 CVE-2019-4477 200 +Info 2019-09-17 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.
8 CVE-2019-4473 264 2019-08-05 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.
9 CVE-2019-4442 22 Dir. Trav. 2019-09-17 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to enumerate arbitrary files on the system, but not read their content. IBM X-Force ID: 163226.
10 CVE-2019-4439 384 2019-07-25 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949.
11 CVE-2019-4415 264 2019-07-25 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706.
12 CVE-2019-4384 22 Dir. Trav. 2019-06-19 2019-06-27
4.0
None Remote Low Single system Partial None None
IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172.
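The two directory-traversal entries above (CVE-2019-4442 in WebSphere Application Server and CVE-2019-4384 in IBM Campaign) describe the same defect: a URL path carrying "dot dot" sequences is mapped onto the filesystem without being confined to the document root. The Python below is an added example, not code from either IBM product or from this listing; the document root /var/www/app/public is a constructed stand-in. It places the naive join the advisories describe next to a hardened resolver that decodes percent-encoded dots (including double encoding), rejects NUL and backslash, and proves containment with commonpath rather than a string prefix.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed document root for the example; the affected products' roots are not known here.
WEB_ROOT = "/var/www/app/public"


def naive_resolve(web_root: str, requested: str) -> str:
    """The pattern the traversal advisories describe: the (once-decoded) URL path is
    glued onto the document root and handed to the filesystem, which honours
    every '..' segment. Returns where open() would actually land."""
    return posixpath.normpath(web_root + unquote(requested))


def resolve_request_path(web_root: str, requested: str) -> Optional[str]:
    """Map a URL path onto a file under web_root, or return None if it escapes.

    1. Percent-decode repeatedly so %2e%2e and double-encoded %252e%252e are seen
       as the dots they are before any other check runs.
    2. Reject NUL bytes (C-string truncation) and backslashes (Windows separators
       slipping past a check written for '/').
    3. Join under the root and normalise, which collapses '.' and '..' segments.
    4. Confirm the result is still inside the root with commonpath, not a string
       prefix test (a prefix test would accept /var/www/app/public_backup).
    """
    decoded = requested
    for _ in range(3):  # bounded: stop as soon as decoding no longer changes anything
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded or "\\" in decoded:
        return None
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    for req in ("/docs/report.pdf", "/../../etc/passwd", "/images/..%2f..%2f..%2fetc/passwd"):
        print(f"{req!r:42} naive={naive_resolve(WEB_ROOT, req)!r:34} "
              f"hardened={resolve_request_path(WEB_ROOT, req)!r}")
```

The containment check is the part that matters: normalising first and then testing commonpath against the root means the function never has to enumerate every spelling of "..", which is where blocklist-based fixes for this class of bug keep failing.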
13 CVE-2019-4378 20 DoS 2019-09-26 2019-10-09
4.0
None Remote Low Single system None None Partial
IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084.
14 CVE-2019-4377 200 +Info 2019-06-25 2019-06-28
4.0
None Remote Low Single system Partial None None
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803.
15 CVE-2019-4308 200 +Info 2019-08-20 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 161034.
16 CVE-2019-4264 295 +Info 2019-05-29 2019-06-03
4.3
None Remote Medium Not required Partial None None
IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. IBM X-Force ID: 160072.
17 CVE-2019-4263 200 +Info File Inclusion 2019-07-11 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015.
18 CVE-2019-4261 20 DoS 2019-08-05 2019-10-09
4.0
None Remote Low Single system None None Partial
IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.
19 CVE-2019-4257 200 +Info 2019-06-06 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945.
20 CVE-2019-4241 284 Bypass 2019-06-26 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.
21 CVE-2019-4234 284 Bypass 2019-06-26 2019-10-09
4.0
None Remote Low Single system None Partial None
IBM PureApplication System 2.2.3.0 through 2.2.5.3 has a weakness in the implementation of the locking feature in the pattern editor. An attacker who intercepts the subsequent requests can bypass the business logic and modify the pattern to an unlocked state. IBM X-Force ID: 159416.
22 CVE-2019-4222 200 +Info 2019-04-25 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to view process definition of a business process without permission. IBM X-Force ID: 159231.
23 CVE-2019-4217 20 2019-06-06 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159226.
24 CVE-2019-4194 284 2019-07-17 2019-10-09
4.0
None Remote Low Single system None None Partial
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. IBM X-Force ID: 159033.
25 CVE-2019-4186 74 XSS 2019-09-05 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 158976.
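The entry above describes a cache built around a Host header that the application trusted as if it were its own name. The Python below is an added example, not Jazz for Service Management code or anything from this listing; the allowlist jazzsm.example.com is a constructed assumption. It shows the vulnerable pattern (an absolute URL assembled from the raw Host) next to a version that accepts only an allowlisted, syntactically clean host and derives both the Location URL and the cache key from the validated value, so a request carrying a CRLF-bearing or foreign Host is refused rather than cached and replayed to other users.

```python
import re
from typing import Optional

# Constructed allowlist; a deployment lists the hostnames (and ports) it is actually served on.
ALLOWED_HOSTS = {"jazzsm.example.com", "jazzsm.example.com:9443"}

# host[:port] made of hostname characters only: no CR, LF, spaces, slashes or '@'.
_HOST_PATTERN = re.compile(r"[A-Za-z0-9.-]+(?::[0-9]{1,5})?")


def build_location_vulnerable(host_header: str, path: str) -> str:
    """Trusts the client-controlled Host header verbatim. Whatever the client
    sends, CRLF included, is copied into the response header and, if the
    response is cacheable, into the cache for every later visitor."""
    return f"https://{host_header}{path}"


def validate_host(host_header: Optional[str]) -> Optional[str]:
    """Return the canonical host if it is syntactically a host and on the allowlist.

    fullmatch() is used instead of match() with a '$' anchor: '$' also matches
    just before a trailing newline, so 'evil.example\\n' would slip through a
    '^...$' pattern and land in the response as a header terminator.
    """
    if host_header is None or not _HOST_PATTERN.fullmatch(host_header):
        return None
    host = host_header.lower()
    return host if host in ALLOWED_HOSTS else None


def build_location_hardened(host_header: Optional[str], path: str) -> Optional[str]:
    """Absolute URL built only from an allowlisted host. None means: answer 400
    and store nothing in the cache for this request. `path` is assumed to come
    from the application's own router, not from the raw request line."""
    host = validate_host(host_header)
    if host is None:
        return None
    return f"https://{host}{path}"


def cache_key(host_header: Optional[str], path: str) -> Optional[str]:
    """Key cache entries by the validated host, so a response generated for one
    hostname can never be served under another."""
    host = validate_host(host_header)
    return None if host is None else f"{host}|{path}"


if __name__ == "__main__":
    injected = "evil.example\r\nX-Injected: 1"
    print(repr(build_location_vulnerable(injected, "/login")))
    print(repr(build_location_hardened(injected, "/login")))
    print(repr(build_location_hardened("JazzSM.example.com", "/login")))
```

Rejecting the request outright, rather than substituting a default hostname, is deliberate: a silently substituted value still lets the attacker's request populate a cache entry that legitimate clients will hit.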
26 CVE-2019-4173 200 +Info 2019-06-17 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878.
27 CVE-2019-4171 200 +Info 2019-09-17 2019-10-09
4.3
None Remote Medium Not required Partial None None
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.
28 CVE-2019-4167 352 CSRF 2019-08-20 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700.
29 CVE-2019-4163 200 +Info 2019-07-31 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM StoredIQ 7.6.0.0 through 7.6.0.18 could allow an authenticated user to obtain sensitive information that only a privileged user should be allowed to view. IBM X-Force ID: 158696.
30 CVE-2019-4157 79 XSS 2019-06-25 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.
31 CVE-2019-4156 200 +Info 2019-06-25 2019-10-09
4.3
None Remote Medium Not required Partial None None
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.
32 CVE-2019-4151 326 2019-06-25 2019-10-09
4.3
None Remote Medium Not required Partial None None
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.
33 CVE-2019-4150 295 2019-06-25 2019-10-09
4.3
None Remote Medium Not required Partial None None
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.
34 CVE-2019-4138 200 +Info 2019-05-29 2019-06-03
4.3
None Remote Medium Not required Partial None None
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158334.
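CVE-2019-4171 above (Cognos Controller, Secure attribute missing on authorization tokens and session cookies) and CVE-2019-4138 (Tivoli Storage Productivity Center, HSTS not properly enabled) are both transport-hardening gaps that a response-header audit catches before a man-in-the-middle does. The Python below is an added example, not code from IBM or from this listing; the two HTTP responses are constructed, one missing the protections and one carrying them. It parses raw response headers, checks Strict-Transport-Security for presence, max-age and includeSubDomains, and checks every Set-Cookie for Secure, HttpOnly and SameSite (the last two go beyond the specific findings but are what the same audit would report).

```python
from typing import Dict, List, Tuple

# Constructed sample responses; neither is captured from any IBM product.
INSECURE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: JSESSIONID=3F2A9C1B; Path=/\r\n"
    "Set-Cookie: authToken=ab12cd34ef56; Path=/; HttpOnly\r\n"
    "\r\n"
    "<html></html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: JSESSIONID=3F2A9C1B; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: authToken=ab12cd34ef56; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "\r\n"
    "<html></html>"
)

MIN_HSTS_MAX_AGE = 31536000  # one year; shorter values leave long windows for a downgrade


def parse_headers(raw_response: str) -> List[Tuple[str, str]]:
    """Return (lower-cased name, value) pairs, keeping repeats such as several Set-Cookie lines."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    pairs: List[Tuple[str, str]] = []
    for line in head.split("\r\n")[1:]:  # [0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_hsts(headers: List[Tuple[str, str]]) -> List[str]:
    """Missing header, short max-age, or no includeSubDomains each produce a finding."""
    values = [v for n, v in headers if n == "strict-transport-security"]
    if not values:
        return ["HSTS: Strict-Transport-Security header missing"]
    directives: Dict[str, str] = {}
    for part in values[0].split(";"):
        key, _, val = part.strip().partition("=")
        directives[key.lower()] = val.strip('"')
    findings: List[str] = []
    try:
        max_age = int(directives.get("max-age", "0"))
    except ValueError:
        max_age = 0
    if max_age < MIN_HSTS_MAX_AGE:
        findings.append(f"HSTS: max-age={max_age} is below {MIN_HSTS_MAX_AGE}")
    if "includesubdomains" not in directives:
        findings.append("HSTS: includeSubDomains directive missing")
    return findings


def audit_cookies(headers: List[Tuple[str, str]]) -> List[str]:
    """One finding per missing attribute per cookie; attribute names are case-insensitive."""
    findings: List[str] = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for attr, label in (("secure", "Secure"), ("httponly", "HttpOnly"), ("samesite", "SameSite")):
            if attr not in attrs:
                findings.append(f"cookie {cookie_name}: {label} attribute missing")
    return findings


def audit_response(raw_response: str) -> List[str]:
    headers = parse_headers(raw_response)
    return audit_hsts(headers) + audit_cookies(headers)


if __name__ == "__main__":
    for label, raw in (("insecure", INSECURE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(raw) or ["no findings"])
```

The two checks belong together because they fail together in practice: a session cookie without Secure is only exposed if the browser can be made to talk plain HTTP, and HSTS is what removes that option.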
35 CVE-2019-4137 79 XSS 2019-05-29 2019-06-03
4.3
None Remote Medium Not required None Partial None
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158333.
36 CVE-2019-4134 79 XSS 2019-07-02 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281.
37 CVE-2019-4102 326 2019-07-01 2019-07-04
4.3
None Remote Medium Not required Partial None None
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092.
38 CVE-2019-4086 1021 2019-09-17 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509.
39 CVE-2019-4084 200 +Info 2019-06-27 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384.
40 CVE-2019-4063 200 +Info 2019-03-05 2019-10-09
4.3
None Remote Medium Not required Partial None None
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-Force ID: 157008.
41 CVE-2019-4058 254 2019-05-20 2019-10-09
4.0
None Remote Low Single system None Partial None
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570.
42 CVE-2019-4056 434 2019-06-05 2019-10-09
4.0
None Remote Low Single system None Partial None
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
43 CVE-2019-4047 200 +Info 2019-04-29 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243.
44 CVE-2019-4045 20 2019-04-08 2019-10-09
4.0
None Remote Low Single system None Partial None
IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241.
45 CVE-2019-4040 79 XSS 2019-01-31 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM i 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 156164.
46 CVE-2019-4038 264 Bypass 2019-02-04 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.
47 CVE-2018-9085 276 2018-11-16 2019-10-02
4.0
None Remote Low Single system None Partial None
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
48 CVE-2018-2028 200 +Info 2019-06-05 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Maximo Asset Management 7.6 could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
49 CVE-2018-2026 200 +Info 2019-01-23 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. IBM X-Force ID: 155552.
50 CVE-2018-2021 79 XSS 2019-07-17 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155345.
Total number of vulnerabilities: 1263 (page 1 of 26)