| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2020-36529 | 77 | | | 2022-06-07 | 2022-06-14 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely. |
| 2 | CVE-2020-4689 | 74 | | Exec Code | 2020-10-12 | 2021-07-21 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | IBM Security Guardium 11.2 is vulnerable to CSV Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 186696. |
| 3 | CVE-2019-4364 | 1236 | | Exec Code | 2019-06-19 | 2023-01-30 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680. |
| 4 | CVE-2018-1850 | | | | 2018-10-22 | 2019-10-09 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998. |
| 5 | CVE-2016-9727 | 20 | | Exec Code | 2017-03-07 | 2017-03-09 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542. |
| 6 | CVE-2016-9706 | 611 | | DoS | 2017-02-15 | 2017-03-07 | 8.5 | None | Remote | Low | Not required | Partial | None | Complete | IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. |
| 7 | CVE-2016-6111 | 611 | | DoS | 2017-03-31 | 2017-04-04 | 8.5 | None | Remote | Low | Not required | Partial | None | Complete | IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833. |
| 8 | CVE-2016-3039 | | | DoS | 2016-07-17 | 2016-11-28 | 8.5 | None | Remote | Low | ??? | Complete | None | Complete | IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
| 9 | CVE-2016-2876 | 264 | | Exec Code | 2016-11-30 | 2016-12-23 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue. |
| 10 | CVE-2015-5018 | 78 | | Exec Code | 2016-01-02 | 2016-12-07 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access. |
| 11 | CVE-2015-5003 | 77 | | Exec Code | 2016-01-03 | 2016-12-06 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. |
| 12 | CVE-2015-1935 | 17 | | DoS Exec Code | 2015-07-20 | 2018-09-26 | 8.0 | None | Remote | Low | ??? | Partial | Partial | Complete | The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. |
| 13 | CVE-2015-1882 | 362 | | Exec Code +Priv | 2015-04-27 | 2016-08-04 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user. |
| 14 | CVE-2014-6141 | 264 | | Exec Code Bypass | 2015-02-02 | 2017-09-08 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands. |
| 15 | CVE-2014-3053 | 287 | | Bypass | 2014-06-21 | 2017-08-29 | 8.0 | None | Local Network | Low | Not required | Complete | Partial | Complete | The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. |
| 16 | CVE-2013-6332 | | | Exec Code | 2014-02-06 | 2017-08-29 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 through 5.0.0 allows remote authenticated users to execute arbitrary code by uploading a .jsp file and then launching it. |
| 17 | CVE-2013-5385 | 20 | | DoS +Info | 2014-01-02 | 2014-01-28 | 8.5 | None | Remote | Low | Not required | Partial | None | Complete | The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. |
| 18 | CVE-2013-4049 | | | Exec Code | 2013-09-16 | 2017-08-29 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by uploading and accessing a JSP file. |
| 19 | CVE-2013-3005 | 264 | | Bypass | 2013-07-06 | 2017-09-19 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors. |
| 20 | CVE-2013-0487 | 287 | | | 2013-03-27 | 2017-08-29 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. |
| 21 | CVE-2012-4826 | 119 | | Exec Code Overflow | 2012-10-20 | 2013-03-02 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure. |
| 22 | CVE-2011-1366 | | | Exec Code | 2011-10-30 | 2017-08-17 | 8.8 | None | Remote | Medium | Not required | None | Complete | Complete | Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive. |
| 23 | CVE-2010-4069 | 119 | | Exec Code Overflow | 2010-10-25 | 2010-10-27 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023. |
| 24 | CVE-2009-3160 | | | | 2009-09-10 | 2009-10-01 | 8.8 | None | Remote | Medium | Not required | None | Complete | Complete | IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue. |
| 25 | CVE-2008-5686 | 287 | | Exec Code | 2008-12-19 | 2011-03-08 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows. |
| 26 | CVE-2008-0727 | 119 | | Exec Code Overflow | 2008-03-18 | 2018-10-15 | 8.5 | None | Remote | Low | ??? | None | Complete | Complete | Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value. |
| 27 | CVE-2007-6593 | 119 | | Exec Code Overflow | 2007-12-28 | 2018-10-15 | 8.8 | None | Remote | Medium | Not required | Complete | Complete | None | Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909. |