CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-6157 532 2019-04-22 2019-10-09
5.0
None Remote Low Not required Partial None None
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
2 CVE-2019-4565 521 2019-09-20 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.
3 CVE-2019-4549 922 2019-10-02 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951.
4 CVE-2019-4539 91 2019-10-02 2019-10-09
5.5
None Remote Low Single system None Partial Partial
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.
5 CVE-2019-4538 601 +Info 2019-10-02 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660.
6 CVE-2019-4520 307 2019-10-02 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178.
7 CVE-2019-4514 863 2019-10-04 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136.
8 CVE-2019-4505 200 +Info 2019-09-20 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.
9 CVE-2019-4460 22 Dir. Trav. 2019-08-20 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681.
10 CVE-2019-4456 611 2019-07-30 2019-10-09
5.5
None Remote Low Single system Partial None Partial
IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 163620.
11 CVE-2019-4441 209 +Info 2019-10-03 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.
12 CVE-2019-4437 200 +Info 2019-08-20 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947.
13 CVE-2019-4430 22 Dir. Trav. 2019-07-17 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887.
14 CVE-2019-4423 22 Dir. Trav. 2019-09-30 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769.
15 CVE-2019-4402 20 DoS 2019-08-20 2019-10-09
5.0
None Remote Low Not required None None Partial
IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263.
16 CVE-2019-4382 200 +Info 2019-06-25 2019-06-26
5.0
None Remote Low Not required Partial None None
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162.
17 CVE-2019-4369 200 +Info 2019-06-28 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM BigFix Inventory v9 (SUA v9 / ILMT v9) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161807.
18 CVE-2019-4338 400 2019-08-20 2019-10-09
5.0
None Remote Low Not required None None Partial
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417.
19 CVE-2019-4321 255 2019-09-05 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201.
20 CVE-2019-4310 254 2019-08-20 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036.
21 CVE-2019-4305 565 +Info 2019-09-30 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.
22 CVE-2019-4280 200 +Info 2019-09-30 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503.
23 CVE-2019-4269 200 +Info 2019-06-28 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202.
24 CVE-2019-4268 22 Dir. Trav. 2019-09-17 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201.
25 CVE-2019-4262 918 2019-09-26 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014.
26 CVE-2019-4260 200 +Info 2019-07-02 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012.
27 CVE-2019-4256 326 2019-05-29 2019-05-31
5.0
None Remote Low Not required Partial None None
IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944.
28 CVE-2019-4252 22 Dir. Trav. 2019-06-27 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.
29 CVE-2019-4246 200 +Info 2019-10-01 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521.
30 CVE-2019-4235 200 +Info 2019-06-26 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.
31 CVE-2019-4219 200 +Info 2019-06-06 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 159228.
32 CVE-2019-4210 287 Bypass 2019-04-08 2019-10-09
5.5
None Remote Low Single system Partial Partial None
IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986.
33 CVE-2019-4208 611 2019-05-07 2019-10-09
5.5
None Remote Low Single system Partial None Partial
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129.
34 CVE-2019-4201 601 +Info 2019-06-05 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122.
35 CVE-2019-4193 200 +Info 2019-07-11 2019-07-15
5.0
None Remote Low Not required Partial None None
IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-force ID: 159032.
36 CVE-2019-4185 264 2019-06-05 2019-10-09
5.4
None Local Network Medium Not required Partial Partial Partial
IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. IBM X-Force ID: 158975.
37 CVE-2019-4176 284 Bypass 2019-06-17 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881.
38 CVE-2019-4175 326 2019-09-17 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880.
39 CVE-2019-4166 601 +Info 2019-04-30 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699.
40 CVE-2019-4165 20 DoS 2019-07-31 2019-10-09
5.0
None Remote Low Not required None None Partial
IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-Force ID: 158698.
41 CVE-2019-4162 20 2019-06-06 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661.
42 CVE-2019-4158 264 2019-06-25 2019-10-09
5.5
None Remote Low Single system Partial Partial None
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.
43 CVE-2019-4131 20 2019-07-11 2019-10-09
5.0
None Remote Low Not required None Partial None
IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270.
44 CVE-2019-4129 200 +Info 2019-07-02 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279.
45 CVE-2019-4119 20 2019-05-17 2019-10-09
5.0
None Remote Low Not required None Partial None
IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145.
46 CVE-2019-4109 1021 2019-09-30 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102.
47 CVE-2019-4092 601 +Info 2019-04-25 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654.
48 CVE-2019-4068 200 +Info 2019-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013.
49 CVE-2019-4067 200 +Info 2019-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012.
50 CVE-2019-4062 611 2019-07-30 2019-10-09
5.5
None Remote Low Single system Partial None Partial
IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007.
Total number of vulnerabilities : 770   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.