Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1240

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Apr, 2009 | 18:00
Updated At-07 Aug, 2024 | 05:04
Rejected At-
Credits

Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Apr, 2009 | 18:00
Updated At:07 Aug, 2024 | 05:04
Rejected At:
â–¼CVE Numbering Authority (CNA)

Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/504995/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html
x_refsource_MISC
http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
x_refsource_MISC
http://www.securityfocus.com/bid/34345
vdb-entry
x_refsource_BID
http://www.securityfocus.com/archive/1/504987/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/502369/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/504992/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/504995/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html
Resource:
x_refsource_MISC
Hyperlink: http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/34345
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securityfocus.com/archive/1/504987/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/502369/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/504992/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/504995/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html
x_refsource_MISC
x_transferred
http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/34345
vdb-entry
x_refsource_BID
x_transferred
http://www.securityfocus.com/archive/1/504987/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/502369/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/504992/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/504995/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/34345
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/504987/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/502369/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/504992/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Apr, 2009 | 18:30
Updated At:23 Apr, 2026 | 00:35

Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
IBM Corporation
ibm
>>proventia_desktop_endpoint_security>>*
cpe:2.3:a:ibm:proventia_desktop_endpoint_security:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>proventia_network_mail_security_system>>*
cpe:2.3:a:ibm:proventia_network_mail_security_system:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>network_multi-function_security>>*
cpe:2.3:h:ibm:network_multi-function_security:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>proventia_network_mail_security_system_virtual_appliance>>*
cpe:2.3:h:ibm:proventia_network_mail_security_system_virtual_appliance:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Per: http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417 Although the Virus Prevention System technology was, at one time, incorporated into the IBM Proventia Network MFS and the Proventia Network Mail appliances, this capability was removed in Jan 2008. For this reason, this vulnerability does not apply to these product lines. The Virus Prevention System technology is currently incorporated into Proventia Desktop. However, the Proventia Desktop product is not affected by this evasion. No other IBM ISS products currently incorporate the Virus Prevention System technology.
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.htmlcve@mitre.org
N/A
http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/502369/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/504987/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/504992/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/504995/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/34345cve@mitre.org
N/A
http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/502369/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/504987/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/504992/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/504995/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/34345af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/502369/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/504987/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/504992/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/504995/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/34345
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/502369/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/504987/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/504992/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/504995/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/34345
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

274Records found
CVE-2022-31767
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.95% / 83.60%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 15:35
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelcics_txCICS TX AdvancedCICS TX Standard
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2006-7198
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.40% / 80.59%
||
7 Day CHG~0.00%
Published-30 Apr, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.

Action-Not Available
Vendor-n/aIBM Corporation
Product-racfwebsphere_application_servern/a
CVE-2006-6836
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.56% / 68.46%
||
7 Day CHG~0.00%
Published-01 Jan, 2007 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.

Action-Not Available
Vendor-n/aIBM Corporation
Product-os_400n/a
CVE-2013-1777
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-8.28% / 92.29%
||
7 Day CHG~0.00%
Published-11 Jul, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.

Action-Not Available
Vendor-n/aIBM CorporationThe Apache Software Foundation
Product-geronimowebsphere_application_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-4429
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||CRITICAL
EPSS-90.70% / 99.63%
||
7 Day CHG~0.00%
Published-07 May, 2020 | 19:20
Updated-03 Nov, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2002-0745
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.32% / 80.02%
||
7 Day CHG~0.00%
Published-26 Jul, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in uucp in AIX 4.3.3.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0048
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.88% / 83.28%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-n/aNEC CorporationDebian GNU/LinuxIBM Corporation
Product-up-ux_vaixnetkitasl_ux_4800ews-ux_vn/a
CVE-2013-0462
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-0.46% / 64.41%
||
7 Day CHG~0.00%
Published-27 Jan, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CVE-2013-0485
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-1.21% / 79.07%
||
7 Day CHG~0.00%
Published-21 Jan, 2014 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries.

Action-Not Available
Vendor-n/aIBM Corporation
Product-javan/a
CVE-2016-0213
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.23% / 87.17%
||
7 Day CHG~0.00%
Published-29 Feb, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0216.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_fastbackn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7426
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||CRITICAL
EPSS-2.73% / 86.04%
||
7 Day CHG~0.00%
Published-02 Jan, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-spectrum_protect_for_virtual_environmentsspectrum_protect_snapshotn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2011-1389
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.54% / 91.20%
||
7 Day CHG~0.00%
Published-19 Jan, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135.

Action-Not Available
Vendor-n/aIBM Corporation
Product-telelogic_license_serverrational_license_serverrational_license_key_servern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-0198
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-1.27% / 79.66%
||
7 Day CHG~0.00%
Published-24 Mar, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-general_parallel_file_systemn/a
CWE ID-CWE-287
Improper Authentication
CVE-2015-4935
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-23.07% / 95.96%
||
7 Day CHG~0.00%
Published-03 Aug, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4934.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_fastbackn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4933
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-23.07% / 95.96%
||
7 Day CHG~0.00%
Published-03 Aug, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4934, and CVE-2015-4935.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_fastbackn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4934
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-23.07% / 95.96%
||
7 Day CHG~0.00%
Published-03 Aug, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4935.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_fastbackn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-29908
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.61% / 69.78%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:50
Updated-16 Sep, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747.

Action-Not Available
Vendor-IBM Corporation
Product-ts7700_firmwarets7700Virtualization Engine TS7700 3957-VEDVirtualization Engine TS7700 3957-VEC
CVE-2012-5955
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-6.95% / 91.49%
||
7 Day CHG~0.00%
Published-20 Dec, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_serverhttp_servern/a
CVE-2015-1949
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-14.37% / 94.46%
||
7 Day CHG~0.00%
Published-30 Jun, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_fastbackn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2015-1902
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-34.02% / 97.00%
||
7 Day CHG~0.00%
Published-20 May, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA.

Action-Not Available
Vendor-n/aIBM Corporation
Product-dominon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-1903
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-34.02% / 97.00%
||
7 Day CHG~0.00%
Published-20 May, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y.

Action-Not Available
Vendor-n/aIBM Corporation
Product-dominon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-6636
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.07% / 84.06%
||
7 Day CHG~0.00%
Published-19 Dec, 2006 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CVE-2006-6135
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.99% / 76.96%
||
7 Day CHG~0.00%
Published-28 Nov, 2006 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831).

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CVE-2015-0117
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-21.76% / 95.79%
||
7 Day CHG~0.00%
Published-06 Apr, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM.

Action-Not Available
Vendor-n/aIBM Corporation
Product-dominon/a
CVE-2015-0134
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-29.29% / 96.63%
||
7 Day CHG~0.00%
Published-06 Apr, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-dominon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0235
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-86.66% / 99.43%
||
7 Day CHG~0.00%
Published-28 Jan, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

Action-Not Available
Vendor-n/aApple Inc.GNUIBM CorporationOracle CorporationRed Hat, Inc.The PHP GroupDebian GNU/Linux
Product-debian_linuxmac_os_xcommunications_user_data_repositorycommunications_session_border_controllercommunications_webrtc_session_controllerpureapplication_systemcommunications_eagle_application_processorphpsecurity_access_manager_for_enterprise_single_sign-onglibccommunications_eagle_lnp_application_processorcommunications_lsmscommunications_policy_managementvm_virtualboxexalogic_infrastructurelinuxcommunications_application_session_controllervirtualizationn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-8891
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-6.61% / 91.26%
||
7 Day CHG~0.00%
Published-06 Mar, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.

Action-Not Available
Vendor-n/aIBM Corporation
Product-java_sdkn/a
CVE-2014-6120
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.99% / 88.48%
||
7 Day CHG~0.00%
Published-12 Apr, 2018 | 21:00
Updated-06 Aug, 2024 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_appscan_sourcesecurity_appscan_sourcen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2014-6271
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-94.22% / 99.93%
||
7 Day CHG~0.00%
Published-24 Sep, 2014 | 18:00
Updated-22 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-28||Apply updates per vendor instructions.

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Action-Not Available
Vendor-mageian/aCanonical Ltd.Apple Inc.GNUIBM CorporationOracle CorporationF5, Inc.NovellopenSUSECheck Point Software Technologies Ltd.Citrix (Cloud Software Group, Inc.)QNAP Systems, Inc.SUSERed Hat, Inc.Debian GNU/LinuxVMware (Broadcom Inc.)Arista Networks, Inc.
Product-big-ip_application_acceleration_managerbig-ip_advanced_firewall_managerstn6800storwize_v7000_firmwareenterprise_linux_for_ibm_z_systemsbashmageiabig-ip_wan_optimization_managerstorwize_v3500stn7800_firmwarebig-ip_protocol_security_moduleenterprise_linux_serverenterprise_linux_workstationstorwize_v3700storwize_v3700_firmwarebig-ip_global_traffic_managergluster_storage_server_for_on-premisebig-ip_edge_gatewayopensusestorwize_v3500_firmwareenterprise_managertraffix_signaling_delivery_controllerbig-iq_devicevcenter_server_applianceenterprise_linux_desktopstn7800san_volume_controllerlinux_enterprise_serversecurity_access_manager_for_web_8.0_firmwareenterprise_linux_server_aussan_volume_controller_firmwaresoftware_defined_network_for_virtual_environmentsbig-iq_cloudlinux_enterprise_software_development_kitnetscaler_sdxqtsbig-ip_analyticsbig-ip_local_traffic_managerstudio_onsitebig-ip_access_policy_managerlinuxinfosphere_guardium_database_activity_monitoringqradar_risk_managerubuntu_linuxarxeosenterprise_linux_server_tusbig-iq_securityqradar_vulnerability_managerstn6500enterprise_linux_server_from_rhuistn6800_firmwareflex_system_v7000flex_system_v7000_firmwarenetscaler_sdx_firmwarestn6500_firmwarestorwize_v5000security_access_manager_for_mobile_8.0_firmwarestarter_kit_for_cloudenterprise_linux_eusvirtualizationsecurity_access_manager_for_web_7.0_firmwaresmartcloud_entry_appliancebig-ip_application_security_managerdebian_linuxlinux_enterprise_desktopmac_os_xzenworks_configuration_managementesxbig-ip_webacceleratorenterprise_linux_for_power_big_endian_eusenterprise_linux_for_power_big_endianworkload_deployerqradar_security_information_and_event_managerarx_firmwarestorwize_v5000_firmwaresecurity_gatewaybig-ip_policy_enforcement_managersmartcloud_provisioningpureapplication_systemstorwize_v7000open_enterprise_serverenterprise_linux_for_scientific_computingbig-ip_link_controllerenterprise_linuxn/aBourne-Again Shell (Bash)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-4823
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-6.47% / 91.15%
||
7 Day CHG~0.00%
Published-03 Oct, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_access_manager_for_mobile_appliancesecurity_access_manager_for_web_8.0_firmwaresecurity_access_manager_for_mobile_8.0_firmwaresecurity_access_manager_for_web_7.0_firmwaresecurity_access_manager_for_web_appliancen/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-4752
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-2.51% / 85.46%
||
7 Day CHG~0.00%
Published-23 Sep, 2014 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-system_networking_rackswitch__g8332_firmwarebladecenter_10g_vfsm_firmwaresystem_networking_rackswitch__en4093rserver_connectivity_module_firmwaresystem_networking_rackswitch__si4093_firmwaresystem_networking_rackswitch__g8052_firmwarebladecenter_1g_firmwaresystem_networking_rackswitch__en4093bladecenter_1g_l2-7_slb_firmwareserver_connectivity_modulesystem_networking_rackswitch__g8264cssystem_networking_rackswitch__cn4093system_networking_rackswitch__en4093_firmwaresystem_networking_rackswitch__g8124e_firmwaresystem_networking_rackswitch__g8264cs_firmwaresystem_networking_rackswitch__en2092_firmwaresystem_networking_rackswitch__g8332bladecenter_1\/10gsystem_networking_rackswitch__g8124_firmwareflex_system_interconnect_fabric_firmwaresystem_networking_rackswitch__g8124system_networking_rackswitch__g8264tsystem_networking_rackswitch__g8264t_firmwaresystem_networking_rackswitch__g8316system_networking_rackswitch__g8124esystem_networking_rackswitch__g8052bladecenter_10g_vfsmsystem_networking_rackswitch__si4093system_networking_rackswitch__en2092bladecenter_1\/10g_firmwaresystem_networking_rackswitch__g8124er_firmwaresystem_networking_rackswitch__en4093r_firmwaresystem_networking_rackswitch__g8316_firmwareflex_system_interconnect_fabricbladecenter_1gsystem_networking_rackswitch__g8264_firmwaresystem_networking_rackswitch__g8264bladecenter_1g_l2-7_slbsystem_networking_rackswitch__g8124ersystem_networking_rackswitch__cn4093_firmwaren/a
CVE-2005-4272
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-22.35% / 95.86%
||
7 Day CHG~0.00%
Published-15 Dec, 2005 | 22:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2006-5855
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-68.19% / 98.62%
||
7 Day CHG~0.00%
Published-06 Dec, 2006 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_managern/a
CVE-2014-3059
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-2.40% / 85.18%
||
7 Day CHG~0.00%
Published-02 Oct, 2014 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_datapower_xc10_appliancewebsphere_datapower_xc10_appliance_firmwaren/a
CVE-2014-3060
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-2.40% / 85.18%
||
7 Day CHG~0.00%
Published-02 Oct, 2014 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_datapower_xc10_appliancewebsphere_datapower_xc10_appliance_firmwaren/a
CVE-2014-2421
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-5.91% / 90.68%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 02:05
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Action-Not Available
Vendor-n/aCanonical Ltd.Juniper Networks, Inc.IBM CorporationOracle CorporationMicrosoft CorporationDebian GNU/Linux
Product-jrockitdebian_linuxubuntu_linuxjdkjrejunos_spaceforms_viewerwindowsn/a
CVE-2013-4804
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-9.92% / 93.07%
||
7 Day CHG~0.00%
Published-13 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-business_process_monitorn/a
CVE-2013-5403
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-1.89% / 83.32%
||
7 Day CHG~0.00%
Published-27 Sep, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain administrative access via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_datapower_xc10_appliancewebsphere_datapower_xc10_appliance_firmwaren/a
CVE-2013-5400
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-2.37% / 85.06%
||
7 Day CHG~0.00%
Published-14 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-platform_symphonyn/a
CVE-2013-5370
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-16.62% / 94.97%
||
7 Day CHG~0.00%
Published-01 Oct, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-4042.

Action-Not Available
Vendor-n/aIBM Corporation
Product-spss_collaboration_and_deployment_servicesn/a
CVE-2021-20509
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7||HIGH
EPSS-0.76% / 73.42%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 16:05
Updated-17 Sep, 2024 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2013-4042
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-19.22% / 95.41%
||
7 Day CHG~0.00%
Published-01 Oct, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-5370.

Action-Not Available
Vendor-n/aIBM Corporation
Product-spss_collaboration_and_deployment_servicesn/a
CVE-2004-0586
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.62% / 90.40%
||
7 Day CHG~0.00%
Published-23 Jun, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Download ActiveX methods.

Action-Not Available
Vendor-n/aIBM Corporation
Product-acprunnern/a
CVE-2004-0253
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.48% / 65.03%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability.

Action-Not Available
Vendor-n/aIBM Corporation
Product-cloudscapen/a
CVE-2012-3298
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-2.39% / 85.12%
||
7 Day CHG~0.00%
Published-25 Sep, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_commercen/a
CVE-2012-1797
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.45% / 63.76%
||
7 Day CHG~0.00%
Published-20 Mar, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2n/a
CVE-2012-2166
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.99% / 86.64%
||
7 Day CHG~0.00%
Published-08 Feb, 2018 | 23:00
Updated-06 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.

Action-Not Available
Vendor-n/aIBM Corporation
Product-xiv_storage_system_2810-114_firmwarexiv_storage_system_2812-114_firmwarexiv_storage_system_2812-114xiv_storage_system_2812-a14xiv_storage_system_2810-a14xiv_storage_system_2810-a14_firmwarexiv_storage_system_2810-114xiv_storage_system_2812-a14_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2012-0202
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-78.95% / 99.07%
||
7 Day CHG~0.00%
Published-04 May, 2012 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.

Action-Not Available
Vendor-n/aIBM Corporation
Product-cognos_tm1n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-3577
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.22% / 79.22%
||
7 Day CHG~0.00%
Published-20 Sep, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_commercen/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-9412
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-10||CRITICAL
EPSS-0.78% / 73.77%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 17:00
Updated-17 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)IBM Corporation
Product-managed_file_transfer_platform_serveriTIBCO Managed File Transfer Platform Server for IBM i
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found