Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-0841

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-27 Apr, 2018 | 16:00
Updated At-06 Aug, 2024 | 09:27
Rejected At-
Credits

IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:27 Apr, 2018 | 16:00
Updated At:06 Aug, 2024 | 09:27
Rejected At:
▼CVE Numbering Authority (CNA)

IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/90704
vdb-entry
x_refsource_XF
Hyperlink: https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/90704
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/90704
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/90704
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:27 Apr, 2018 | 16:29
Updated At:07 Jun, 2018 | 18:00

IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.3MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>rational_focal_point>>6.4
cpe:2.3:a:ibm:rational_focal_point:6.4:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rational_focal_point>>6.4.1
cpe:2.3:a:ibm:rational_focal_point:6.4.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rational_focal_point>>6.5.1
cpe:2.3:a:ibm:rational_focal_point:6.5.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rational_focal_point>>6.5.2
cpe:2.3:a:ibm:rational_focal_point:6.5.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rational_focal_point>>6.6
cpe:2.3:a:ibm:rational_focal_point:6.6:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-326Primarynvd@nist.gov
CWE ID: CWE-326
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/90704psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/90704
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

376Records found
CVE-2017-1349
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.61%
||
7 Day CHG~0.00%
Published-23 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1339
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 3.85%
||
7 Day CHG~0.00%
Published-05 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_storage_managerSpectrum Protect
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-4284
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 12.61%
||
7 Day CHG~0.00%
Published-05 Aug, 2019 | 13:40
Updated-17 Sep, 2024 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_privateCloud Private
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-4266
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.4||LOW
EPSS-0.05% / 14.26%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 13:45
Updated-16 Sep, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160199.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_anywhereMaximo Anywhere
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-4719
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 26.63%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 15:25
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelmq_appliancewebsphere_mqhp-uxwindowsmqaixMQ
CVE-2017-1170
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.58%
||
7 Day CHG~0.00%
Published-26 Apr, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_commerceWebSphere Commerce Enterprise
CVE-2019-4309
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 28.94%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 23:36
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_big_data_intelligenceSecurity Guardium Big Data Intelligence
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-4207
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 11.43%
||
7 Day CHG~0.00%
Published-07 May, 2019 | 18:35
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148.

Action-Not Available
Vendor-IBM Corporation
Product-tririga_application_platformTRIRIGA Application Platform
CVE-2019-4668
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 9.91%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 13:10
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-4444
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.10% / 28.44%
||
7 Day CHG~0.00%
Published-16 Dec, 2019 | 15:45
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1231
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.27%
||
7 Day CHG~0.00%
Published-12 Oct, 2018 | 05:00
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_platformBigFix Platform
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1207
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.58%
||
7 Day CHG~0.00%
Published-05 Jul, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_message_brokerintegration_busIntegration Bus
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-4693
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.02% / 3.32%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 19:00
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 171831.

Action-Not Available
Vendor-IBM Corporation
Product-guardium_data_encryptionguardium_for_cloud_key_managementSecurity Guardium Data Encryption
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-20567
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.92%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 16:15
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-resilient_security_orchestration_automation_and_responselinuxResilient SOAR
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2009-2743
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.06% / 20.29%
||
7 Day CHG~0.00%
Published-21 Sep, 2009 | 19:00
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CVE-2021-20389
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 13:55
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-20391
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 11.66%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 16:15
Updated-16 Sep, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_user_behavior_analyticsQRadar SIEM
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-20408
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.15%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 16:35
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2009-1292
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.05% / 15.37%
||
7 Day CHG~0.00%
Published-14 Apr, 2009 | 16:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process.

Action-Not Available
Vendor-unixn/aIBM Corporation
Product-rational_clearcaseaixunixn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-0503
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.06% / 19.68%
||
7 Day CHG~0.00%
Published-13 Feb, 2009 | 17:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_message_brokern/a
CWE ID-CWE-255
Not Available
CVE-2009-0504
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.05% / 16.88%
||
7 Day CHG~0.00%
Published-17 Feb, 2009 | 17:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-7261
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.05% / 15.52%
||
7 Day CHG~0.00%
Published-20 Sep, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file.

Action-Not Available
Vendor-n/aIBM Corporation
Product-filenet_p8_application_enginen/a
CVE-2017-1125
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.05% / 16.55%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_business_intelligence_serverCognos Business Intelligence
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-9703
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.4||LOW
EPSS-0.06% / 19.59%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_manager_virtual_applianceIdentity Manager
CWE ID-CWE-384
Session Fixation
CVE-2016-9985
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.16%
||
7 Day CHG~0.00%
Published-08 Mar, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_business_intelligenceCognos Business Intelligence
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-9739
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.07%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_managerIdentity Manager
CVE-2016-8963
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.13%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4224
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.04% / 12.96%
||
7 Day CHG~0.00%
Published-03 Feb, 2020 | 16:45
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133.

Action-Not Available
Vendor-IBM Corporation
Product-storediqStoredIQ
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4138
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 12.53%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 17:05
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049.

Action-Not Available
Vendor-IBM Corporation
Product-security_siteprotector_systemSecurity SiteProtector System
CVE-2020-4197
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.4||LOW
EPSS-0.10% / 27.92%
||
7 Day CHG~0.00%
Published-03 Mar, 2020 | 13:50
Updated-16 Sep, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/omnibusTivoli Netcool/OMNIbus
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2020-4871
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-19 Jan, 2021 | 15:20
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2020-4884
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.15%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 16:00
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4913
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 12.14%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 14:00
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_systemCloud Pak System
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-4369
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 5.18%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 20:30
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.

Action-Not Available
Vendor-IBM Corporation
Product-verify_gatewayVerify Gateway (IVG)
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-5017
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.03% / 7.70%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 19:10
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_protectlinux_kernelSpectrum Protect Plus
CVE-2020-4650
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 11.66%
||
7 Day CHG~0.00%
Published-09 Nov, 2020 | 20:25
Updated-17 Sep, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_spatial_asset_managementMaximo Spatial Asset Management
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2020-4906
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.05% / 14.39%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 20:35
Updated-16 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_manager_for_multiplatformFinancial Transaction Manager
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2020-4498
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.04% / 11.07%
||
7 Day CHG~0.00%
Published-27 Jul, 2020 | 13:31
Updated-17 Sep, 2024 | 03:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-4765
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 11.66%
||
7 Day CHG~0.00%
Published-19 May, 2021 | 19:40
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_multicloud_managementCloud Pak for Multicloud Management
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2016-8939
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.86%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_storage_managerSpectrum Protect
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8916
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.13%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8981
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.37%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4604
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.02% / 3.76%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:10
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4568
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 24.96%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 14:50
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184157.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-4629
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.09% / 26.99%
||
7 Day CHG~0.00%
Published-30 Sep, 2020 | 14:35
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4996
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.98%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 14:50
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_governance_and_intelligenceSecurity Identity Governance and Intelligence
CVE-2020-4951
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.07% / 21.31%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 15:55
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4338
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.10% / 28.28%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 15:35
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937.

Action-Not Available
Vendor-IBM Corporation
Product-mqMQ
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-29759
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 12.95%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 16:30
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_enterprise_certified_containerApp Connect Enterprise Certified Container
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-1623
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.08% / 25.56%
||
7 Day CHG~0.00%
Published-02 Apr, 2019 | 13:20
Updated-17 Sep, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408.

Action-Not Available
Vendor-IBM Corporation
Product-security_privileged_identity_managerSecurity Privileged Identity Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found