Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0757

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-02 Feb, 2011 | 22:00
Updated At-06 Aug, 2024 | 22:05
Rejected At-
Credits

IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:02 Feb, 2011 | 22:00
Updated At:06 Aug, 2024 | 22:05
Rejected At:
▼CVE Numbering Authority (CNA)

IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815
x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=swg1IC66814
vendor-advisory
x_refsource_AIXAPAR
http://secunia.com/advisories/43148
third-party-advisory
x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg1IC66815
vendor-advisory
x_refsource_AIXAPAR
http://www.ibm.com/support/docview.wss?uid=swg21426108
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814
x_refsource_CONFIRM
http://osvdb.org/70773
vdb-entry
x_refsource_OSVDB
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295
vdb-entry
signature
x_refsource_OVAL
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/65008
vdb-entry
x_refsource_XF
http://www.securityfocus.com/bid/46064
vdb-entry
x_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg1IC66811
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IC66814
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://secunia.com/advisories/43148
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IC66815
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21426108
Resource:
x_refsource_CONFIRM
Hyperlink: http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814
Resource:
x_refsource_CONFIRM
Hyperlink: http://osvdb.org/70773
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65008
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/bid/46064
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IC66811
Resource:
vendor-advisory
x_refsource_AIXAPAR
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815
x_refsource_CONFIRM
x_transferred
http://www.ibm.com/support/docview.wss?uid=swg1IC66814
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://secunia.com/advisories/43148
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ibm.com/support/docview.wss?uid=swg1IC66815
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www.ibm.com/support/docview.wss?uid=swg21426108
x_refsource_CONFIRM
x_transferred
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814
x_refsource_CONFIRM
x_transferred
http://osvdb.org/70773
vdb-entry
x_refsource_OSVDB
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/65008
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/bid/46064
vdb-entry
x_refsource_BID
x_transferred
http://www.ibm.com/support/docview.wss?uid=swg1IC66811
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IC66814
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://secunia.com/advisories/43148
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IC66815
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21426108
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://osvdb.org/70773
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65008
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/bid/46064
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IC66811
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:02 Feb, 2011 | 23:00
Updated At:11 Apr, 2025 | 00:51

IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
IBM Corporation
ibm
>>db2>>Versions up to 9.1(inclusive)
cpe:2.3:a:ibm:db2:*:fp9:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.1
cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>Versions up to 9.5(inclusive)
cpe:2.3:a:ibm:db2:*:fp6:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.5
cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.5
cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.5
cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.5
cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.5
cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.5
cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.5
cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.5
cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.5
cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.5
cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>Versions up to 9.7(inclusive)
cpe:2.3:a:ibm:db2:*:fp1:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.7
cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://osvdb.org/70773cve@mitre.org
N/A
http://secunia.com/advisories/43148cve@mitre.org
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811cve@mitre.org
N/A
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814cve@mitre.org
N/A
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815cve@mitre.org
N/A
http://www.ibm.com/support/docview.wss?uid=swg1IC66811cve@mitre.org
N/A
http://www.ibm.com/support/docview.wss?uid=swg1IC66814cve@mitre.org
N/A
http://www.ibm.com/support/docview.wss?uid=swg1IC66815cve@mitre.org
N/A
http://www.ibm.com/support/docview.wss?uid=swg21426108cve@mitre.org
N/A
http://www.securityfocus.com/bid/46064cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/65008cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295cve@mitre.org
N/A
http://osvdb.org/70773af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/43148af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ibm.com/support/docview.wss?uid=swg1IC66811af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ibm.com/support/docview.wss?uid=swg1IC66814af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ibm.com/support/docview.wss?uid=swg1IC66815af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ibm.com/support/docview.wss?uid=swg21426108af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/46064af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/65008af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://osvdb.org/70773
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/43148
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IC66811
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IC66814
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IC66815
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21426108
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/46064
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65008
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/70773
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/43148
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IC66811
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IC66814
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IC66815
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21426108
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/46064
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65008
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

212Records found
CVE-2013-0511
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.81%
||
7 Day CHG~0.00%
Published-29 Mar, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_appscann/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-4680
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.47% / 63.54%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 14:15
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-5760
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 48.79%
||
7 Day CHG~0.00%
Published-20 Feb, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-netezzan/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-5766
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.97%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors involving the RNVisibility page and unspecified screens, a different vulnerability than CVE-2013-0560.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_file_gatewaysterling_b2b_integratorn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-3336
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.47% / 63.54%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 15:39
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-infosphere_guardiumlinux_kernelInfoSphere Guardium
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-4598
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.30% / 52.65%
||
7 Day CHG~0.00%
Published-26 Feb, 2020 | 15:55
Updated-17 Sep, 2024 | 03:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-4669
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.27% / 49.71%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 16:10
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_process_managerBusiness Process ManagerBusiness Automation Workflow
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-4671
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 36.53%
||
7 Day CHG~0.00%
Published-15 Sep, 2020 | 13:50
Updated-17 Sep, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-3321
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.15%
||
7 Day CHG~0.00%
Published-20 Feb, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password.

Action-Not Available
Vendor-n/aIBM Corporation
Product-smartcloud_control_deskn/a
CVE-2012-0728
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.85%
||
7 Day CHG~0.00%
Published-10 Sep, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-maximo_service_desksmartcloud_control_deskchange_and_configuration_management_databasetivoli_asset_management_for_itmaximo_asset_managementtivoli_service_request_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-5939
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.25% / 48.34%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Action-Not Available
Vendor-IBM Corporation
Product-kenexa_lms_on_cloudKenexa LMS on Cloud
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-5990
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 41.43%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server.

Action-Not Available
Vendor-IBM Corporation
Product-security_privileged_identity_managerPrivileged Identity Manager
CWE ID-CWE-284
Improper Access Control
CVE-2016-5952
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.73%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Action-Not Available
Vendor-IBM Corporation
Product-kenexa_lcms_premierKenexa LCMS Premier on Cloud
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-5963
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-1.77% / 81.88%
||
7 Day CHG~0.00%
Published-26 Sep, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_privileged_identity_manager_virtual_appliancen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-2873
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.76%
||
7 Day CHG~0.00%
Published-30 Nov, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-qradar_security_information_and_event_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-2917
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.51% / 65.42%
||
7 Day CHG~0.00%
Published-30 Nov, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tririga_application_platformn/a
CVE-2016-0239
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.72% / 71.61%
||
7 Day CHG~0.00%
Published-22 Oct, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_guardium_database_activity_monitorn/a
CVE-2011-1321
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.62%
||
7 Day CHG~0.00%
Published-08 Mar, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO).

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CVE-2016-0233
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.47% / 63.82%
||
7 Day CHG~0.00%
Published-28 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-marketing_platformn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-0374
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.47%
||
7 Day CHG~0.00%
Published-01 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tririga_application_platformn/a
CVE-2016-0241
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.59%
||
7 Day CHG~0.00%
Published-22 Oct, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_guardium_database_activity_monitorn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-0326
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.89% / 74.66%
||
7 Day CHG~0.00%
Published-22 Oct, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_collaborative_lifecycle_managementrational_quality_managern/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-0276
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.95% / 75.39%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 19:00
Updated-05 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. IBM X-Force ID: 111084.

Action-Not Available
Vendor-n/aIBM Corporation
Product-financial_transaction_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1846
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.33% / 79.11%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2n/a
CVE-2021-29736
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.68% / 70.54%
||
7 Day CHG~0.00%
Published-30 Jul, 2021 | 11:15
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CVE-2021-29754
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:25
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CVE-2021-29907
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.30%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 16:05
Updated-16 Sep, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kernelopenpages_with_watsonOpenPages with Watson
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-29792
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.10% / 27.97%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 16:05
Updated-16 Sep, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. IBM X-Force ID: 203450.

Action-Not Available
Vendor-IBM Corporation
Product-event_streamsEvent Streams
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-29679
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.72% / 71.60%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 15:55
Updated-17 Sep, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-29730
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.27% / 50.02%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 16:55
Updated-16 Sep, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-29780
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.19% / 40.92%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 16:00
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085.

Action-Not Available
Vendor-IBM Corporation
Product-resilient_security_orchestration_automation_and_responseResilient OnPrem
CWE ID-CWE-20
Improper Input Validation
CVE-2021-29845
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.32%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 17:40
Updated-17 Sep, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_insightsSecurity Guardium Insights
CWE ID-CWE-20
Improper Input Validation
CVE-2021-29844
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.99%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 16:00
Updated-16 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerrational_team_concertengineering_lifecycle_optimizationengineering_workflow_managementrational_rhapsody_design_managerengineering_requirements_quality_assistant_on-premisesRational DOORS Next GenerationEngineering Workflow ManagementRational Collaborative Lifecycle ManagementEngineering Lifecycle OptimizationRational Engineering Lifecycle ManagerRational Team Concert
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-29745
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 47.19%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 15:55
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CVE-2021-29686
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.27%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 15:10
Updated-17 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-security_identity_managersolarislinux_kernelwindowsaixSecurity Identity Manager
CVE-2011-4816
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 67.40%
||
7 Day CHG~0.00%
Published-13 Mar, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-trivoli_service_request_managertivoli_asset_management_for_itmaximo_service_deskmaximo_asset_management_essentialsmaximo_asset_managementtivoli_change_and_configuration_management_databasen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2635
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-09 Nov, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages."

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_commercen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4438
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.01% / 76.15%
||
7 Day CHG~0.00%
Published-28 Dec, 2009 | 19:00
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2n/a
CWE ID-CWE-264
Not Available
CVE-2015-5023
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.68%
||
7 Day CHG~0.00%
Published-03 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-curam_social_program_managementn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-4956
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.41% / 60.62%
||
7 Day CHG~0.00%
Published-15 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-qradar_security_information_and_event_managern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2015-5049
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.68%
||
7 Day CHG~0.00%
Published-01 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-openpages_grc_platformn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-1974
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.16%
||
7 Day CHG~0.00%
Published-28 Jun, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_directory_servern/a
CVE-2015-1945
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 56.62%
||
7 Day CHG~0.00%
Published-02 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_master_data_management_servern/a
CVE-2015-0126
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.19%
||
7 Day CHG~0.00%
Published-28 Jun, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to bypass intended file-upload restrictions via a modified extension.

Action-Not Available
Vendor-n/aIBM Corporation
Product-leadsn/a
CVE-2015-0104
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-2.04% / 83.09%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 06:12
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-change_and_configuration_management_databasemaximo_for_utilitiesmaximo_for_transportationtivoli_asset_management_for_ittivoli_service_request_managermaximo_for_oil_and_gasmaximo_for_life_sciencesmaximo_for_governmentmaximo_for_nuclear_powermaximo_asset_management_essentialsmaximo_asset_managementn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-0161
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 50.71%
||
7 Day CHG~0.00%
Published-25 May, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_siteprotector_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-2171
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.97% / 75.76%
||
7 Day CHG~0.00%
Published-22 Jun, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.

Action-Not Available
Vendor-n/aIBM Corporation
Product-system_storage_ds3300system_storage_ds5100_storage_controllersystem_storage_ds3524ds4200system_storage_ds5300_storage_controllersystem_storage_ds3200ds4100system_storage_dcs3700_storage_subsystemds_storage_manager_host_softwareds4400system_storage_ds3950_expresssystem_storage_ds3400system_storage_ds5020_disk_controllerds4300ds4700ds4800ds4500system_storage_ds3512n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-0899
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.57%
||
7 Day CHG~0.00%
Published-11 Mar, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2013-6311
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 50.81%
||
7 Day CHG~0.00%
Published-28 Jun, 2014 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-marketing_platformn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-6331
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 48.65%
||
7 Day CHG~0.00%
Published-05 Mar, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6302.

Action-Not Available
Vendor-n/aIBM Corporation
Product-algo_onen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found