| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1850 |
284 |
|
|
2018-10-22 |
2018-12-06 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998. |
|
2 |
CVE-2016-9727 |
20 |
|
Exec Code |
2017-03-07 |
2017-03-09 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542. |
|
3 |
CVE-2016-9706 |
611 |
|
DoS |
2017-02-15 |
2017-03-06 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
|
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. |
|
4 |
CVE-2016-6111 |
611 |
|
DoS |
2017-03-31 |
2017-04-04 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
|
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833. |
|
5 |
CVE-2016-3039 |
|
|
DoS |
2016-07-17 |
2016-11-28 |
8.5 |
None |
Remote |
Low |
Single system |
Complete |
None |
Complete |
|
IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
|
6 |
CVE-2016-2876 |
78 |
|
Exec Code |
2016-11-30 |
2016-12-22 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue. |
|
7 |
CVE-2015-5018 |
78 |
|
Exec Code |
2016-01-02 |
2016-12-07 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access. |
|
8 |
CVE-2015-5005 |
264 |
|
|
2015-11-08 |
2016-11-28 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list. |
|
9 |
CVE-2015-5003 |
77 |
|
Exec Code |
2016-01-03 |
2016-12-05 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. |
|
10 |
CVE-2015-1935 |
17 |
|
DoS Exec Code |
2015-07-19 |
2018-09-26 |
8.0 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Complete |
|
The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. |
|
11 |
CVE-2015-1882 |
362 |
|
Exec Code +Priv |
2015-04-27 |
2016-08-03 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user. |
|
12 |
CVE-2014-6141 |
264 |
|
Exec Code Bypass |
2015-02-01 |
2017-09-07 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands. |
|
13 |
CVE-2014-3094 |
119 |
|
Exec Code Overflow |
2014-09-04 |
2017-08-28 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement. |
|
14 |
CVE-2014-3053 |
287 |
|
Bypass |
2014-06-21 |
2017-08-28 |
8.0 |
None |
Local Network |
Low |
Not required |
Complete |
Partial |
Complete |
|
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. |
|
15 |
CVE-2013-6744 |
264 |
|
+Priv |
2014-05-30 |
2017-08-28 |
8.5 |
User |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority. |
|
16 |
CVE-2013-6332 |
|
|
Exec Code |
2014-02-06 |
2017-08-28 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 through 5.0.0 allows remote authenticated users to execute arbitrary code by uploading a .jsp file and then launching it. |
|
17 |
CVE-2013-5385 |
20 |
|
DoS +Info |
2014-01-02 |
2014-01-27 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
|
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. |
|
18 |
CVE-2013-4049 |
|
|
Exec Code |
2013-09-16 |
2017-08-28 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by uploading and accessing a JSP file. |
|
19 |
CVE-2013-3005 |
264 |
|
Bypass |
2013-07-06 |
2017-09-18 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors. |
|
20 |
CVE-2013-0526 |
20 |
|
Exec Code |
2013-08-21 |
2017-08-28 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter. |
|
21 |
CVE-2013-0487 |
287 |
|
|
2013-03-27 |
2017-08-28 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. |
|
22 |
CVE-2012-4826 |
119 |
|
Exec Code Overflow |
2012-10-20 |
2013-03-01 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure. |
|
23 |
CVE-2011-1366 |
|
|
Exec Code |
2011-10-30 |
2017-08-16 |
8.8 |
None |
Remote |
Medium |
Not required |
None |
Complete |
Complete |
|
Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive. |
|
24 |
CVE-2010-4069 |
119 |
|
Exec Code Overflow |
2010-10-25 |
2010-10-27 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023. |
|
25 |
CVE-2009-3160 |
|
|
|
2009-09-10 |
2009-10-01 |
8.8 |
None |
Remote |
Medium |
Not required |
None |
Complete |
Complete |
|
IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue. |
|
26 |
CVE-2008-5686 |
287 |
|
Exec Code |
2008-12-19 |
2009-01-06 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows. |
|
27 |
CVE-2008-1998 |
264 |
|
|
2008-04-28 |
2018-10-31 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter. |
|
28 |
CVE-2008-0727 |
119 |
|
Exec Code Overflow |
2008-03-17 |
2018-10-15 |
8.5 |
None |
Remote |
Low |
Single system |
None |
Complete |
Complete |
|
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value. |
|
29 |
CVE-2007-6593 |
119 |
|
Exec Code Overflow |
2007-12-28 |
2018-10-15 |
8.8 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
None |
|
Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909. |
