CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (CVSS score >= 9)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-4279 502 Exec Code 2019-05-17 2019-05-24
10.0
 None Remote Low Not required Complete Complete Complete
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.
2 CVE-2019-4203 284 2019-04-15 2019-10-09
9.0
 None Remote Low Not required Complete Partial Partial
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.
3 CVE-2019-4202 77 2019-04-15 2019-10-09
10.0
 None Remote Low Not required Complete Complete Complete
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123.
4 CVE-2019-4087 119 Exec Code Overflow 2019-07-02 2019-10-09
10.0
 None Remote Low Not required Complete Complete Complete
IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. IBM X-Force ID: 157510.
5 CVE-2019-4071 77 Exec Code 2019-05-09 2019-10-09
9.3
 None Remote Medium Not required Complete Complete Complete
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063.
6 CVE-2019-4013 434 Exec Code 2019-04-10 2019-10-07
9.0
 None Remote Low Single system Complete Complete Complete
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.
7 CVE-2018-1973 269 2018-12-20 2019-10-09
9.0
 Admin Remote Low Single system Complete Complete Complete
IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914.
8 CVE-2018-1822 287 Bypass 2018-10-18 2019-10-09
10.0
 None Remote Low Not required Complete Complete Complete
IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.
9 CVE-2018-1778 287 Bypass 2018-12-20 2019-10-09
9.3
 None Remote Medium Not required Complete Complete Complete
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to the other user’s data / access to their privileges (if the user happens to be an Admin for example). IBM X-Force ID: 148801.
10 CVE-2018-1722 Exec Code 2018-08-24 2019-10-09
10.0
 None Remote Low Not required Complete Complete Complete
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.
11 CVE-2018-1640 20 Exec Code 2019-04-02 2019-10-09
9.0
 None Remote Low Single system Complete Complete Complete
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580.
12 CVE-2018-1571 Exec Code 2018-09-11 2019-10-09
9.0
 None Remote Low Single system Complete Complete Complete
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 143121.
13 CVE-2018-1552 434 Exec Code 2018-11-02 2019-10-09
9.3
 None Remote Medium Not required Complete Complete Complete
IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to run it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889.
14 CVE-2018-1524 1188 2018-08-03 2019-10-09
9.0
 None Remote Low Single system Complete Complete Complete
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.
15 CVE-2018-1469 Exec Code 2018-04-04 2019-10-09
10.0
 None Remote Low Not required Complete Complete Complete
IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605.
16 CVE-2018-1437 426 Exec Code 2018-03-13 2019-10-09
9.3
 None Remote Medium Not required Complete Complete Complete
IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 139565.
17 CVE-2018-1383 2018-02-13 2019-10-02
9.0
 None Remote Low Single system Complete Complete Complete
A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117.
18 CVE-2017-1696 20 Exec Code 2017-12-20 2018-01-05
9.0
 None Remote Low Single system Complete Complete Complete
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178.
19 CVE-2017-1453 78 Exec Code 2017-11-13 2017-11-30
9.0
 None Remote Low Single system Complete Complete Complete
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372.
20 CVE-2017-1407 77 Exec Code 2017-09-27 2017-10-06
9.0
 None Remote Low Single system Complete Complete Complete
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394.
21 CVE-2017-1318 78 Exec Code 2017-07-18 2017-07-28
9.0
 None Remote Low Single system Complete Complete Complete
IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730.
22 CVE-2017-1092 Exec Code 2017-05-22 2019-10-02
10.0
 None Remote Low Not required Complete Complete Complete
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
23 CVE-2016-9726 20 Exec Code 2017-03-07 2017-03-09
9.0
 None Remote Low Single system Complete Complete Complete
IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542.
24 CVE-2016-9691 611 DoS 2017-05-05 2017-05-12
9.0
 None Remote Low Not required Partial Partial Complete
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515.
25 CVE-2016-8938 284 Exec Code 2017-02-01 2017-02-13
10.0
 None Remote Low Not required Complete Complete Complete
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.
26 CVE-2016-6115 119 Exec Code Overflow 2017-02-01 2017-02-15
9.0
 None Remote Low Single system Complete Complete Complete
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.
27 CVE-2016-6082 416 Exec Code 2017-02-01 2017-02-08
10.0
 None Remote Low Not required Complete Complete Complete
IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system.
28 CVE-2016-6042 119 Exec Code Overflow 2017-02-01 2017-02-09
9.3
 None Remote Medium Not required Complete Complete Complete
IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system in the same context as the victim.
29 CVE-2016-3028 78 Exec Code 2016-11-24 2016-11-28
9.0
 None Remote Low Single system Complete Complete Complete
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
30 CVE-2016-2875 77 Exec Code 2016-08-07 2016-11-28
9.0
 None Remote Low Single system Complete Complete Complete
IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors.
31 CVE-2016-0375 264 2016-06-30 2016-07-08
9.0
 None Remote Low Single system Complete Complete Complete
JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors.
32 CVE-2016-0324 77 Exec Code 2018-01-12 2018-01-29
9.0
 Admin Remote Low Single system Complete Complete Complete
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640.
33 CVE-2016-0291 78 Exec Code 2018-02-28 2018-03-17
9.0
 None Remote Low Single system Complete Complete Complete
IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302.
34 CVE-2016-0236 77 Exec Code 2016-10-21 2016-11-28
9.0
 None Remote Low Single system Complete Complete Complete
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field.
35 CVE-2016-0216 119 DoS Overflow 2016-02-29 2016-03-03
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0213.
36 CVE-2016-0213 119 DoS Overflow 2016-02-29 2016-03-03
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0216.
37 CVE-2016-0212 119 DoS Overflow 2016-02-29 2016-03-03
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0213 and CVE-2016-0216.
38 CVE-2015-7450 94 Exec Code 2016-01-02 2017-09-07
10.0
 None Remote Low Not required Complete Complete Complete
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
39 CVE-2015-7426 78 Exec Code 2016-01-02 2016-01-07
10.0
 None Remote Low Not required Complete Complete Complete
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
40 CVE-2015-7425 264 2016-02-21 2016-11-28
10.0
 None Remote Low Not required Complete Complete Complete
The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.
41 CVE-2015-7411 264 +Priv 2016-03-11 2016-12-02
9.0
 Admin Remote Low Single system Complete Complete Complete
The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.
42 CVE-2015-5014 20 2015-10-25 2015-10-26
9.3
 None Remote Medium Not required Complete Complete Complete
IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation.
43 CVE-2015-4947 119 Exec Code Overflow 2015-09-15 2016-12-21
9.0
 None Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to execute arbitrary code via unspecified vectors.
44 CVE-2015-4935 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4934.
45 CVE-2015-4934 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4935.
46 CVE-2015-4933 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4934, and CVE-2015-4935.
47 CVE-2015-4932 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935.
48 CVE-2015-4931 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4932, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935.
49 CVE-2015-4930 77 Exec Code 2015-10-03 2016-11-28
9.0
 None Remote Low Single system Complete Complete Complete
IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access.
50 CVE-2015-2016 Exec Code 2015-10-03 2015-10-05
9.0
 None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unknown vectors.
Total number of vulnerabilities : 388   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.