Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-3028

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-25 Nov, 2016 | 03:38
Updated At-05 Aug, 2024 | 23:40
Rejected At-
Credits

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:25 Nov, 2016 | 03:38
Updated At:05 Aug, 2024 | 23:40
Rejected At:
▼CVE Numbering Authority (CNA)

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257
vendor-advisory
x_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg21990317
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93176
vdb-entry
x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322
vendor-advisory
x_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21990317
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/93176
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326
Resource:
vendor-advisory
x_refsource_AIXAPAR
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21990317
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/93176
vdb-entry
x_refsource_BID
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21990317
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/93176
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:25 Nov, 2016 | 03:59
Updated At:06 May, 2026 | 22:30

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.1CRITICAL
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
IBM Corporation
ibm
>>security_access_manager>>9.0.0
cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>security_access_manager>>9.0.0.1
cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>security_access_manager>>9.0.1.0
cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>security_access_manager_for_web>>7.0.0
cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>security_access_manager_for_web>>8.0.0
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>security_access_manager_for_web>>8.0.0.2
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>security_access_manager_for_web>>8.0.0.4
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.4:*:*:*:*:*:*:*
IBM Corporation
ibm
>>security_access_manager_for_web>>8.0.0.5
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.5:*:*:*:*:*:*:*
IBM Corporation
ibm
>>security_access_manager_for_web>>8.0.1
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>security_access_manager_for_web>>8.0.1.2
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>security_access_manager_for_web>>8.0.1.3
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*
IBM Corporation
ibm
>>security_access_manager_for_web>>8.0.1.4
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257psirt@us.ibm.com
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322psirt@us.ibm.com
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326psirt@us.ibm.com
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21990317psirt@us.ibm.com
Vendor Advisory
http://www.securityfocus.com/bid/93176psirt@us.ibm.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21990317af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/93176af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257
Source: psirt@us.ibm.com
Resource:
Broken Link
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322
Source: psirt@us.ibm.com
Resource:
Broken Link
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326
Source: psirt@us.ibm.com
Resource:
Broken Link
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21990317
Source: psirt@us.ibm.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/93176
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21990317
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/93176
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

759Records found
CVE-2020-4620
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-2.68% / 86.17%
||
7 Day CHG~0.00%
Published-22 Sep, 2020 | 13:55
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2012-4857
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9||HIGH
EPSS-7.64% / 92.06%
||
7 Day CHG~0.00%
Published-08 Dec, 2012 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement.

Action-Not Available
Vendor-n/aIBM Corporation
Product-informix_dynamic_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5759
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9||HIGH
EPSS-0.78% / 74.05%
||
7 Day CHG~0.00%
Published-23 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_datapower_xc10_appliancen/a
CVE-2012-2163
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9||HIGH
EPSS-0.50% / 66.34%
||
7 Day CHG~0.00%
Published-30 Jul, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allows remote authenticated administrators to execute arbitrary Linux commands via the (1) Command Line Interface or (2) Graphical User Interface, related to a "code injection" issue.

Action-Not Available
Vendor-n/aIBM Corporation
Product-scale_out_network_attached_storagen/a
CVE-2016-2875
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-1.22% / 79.52%
||
7 Day CHG~0.00%
Published-08 Aug, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-qradar_security_information_and_event_managern/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-4713
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-5.11% / 90.05%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 19:00
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084.

Action-Not Available
Vendor-IBM Corporation
Product-guardium_data_encryptionguardium_for_cloud_key_managementSecurity Guardium Data Encryption
CVE-2019-4728
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-16.34% / 95.00%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 15:10
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelihp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-4013
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9||CRITICAL
EPSS-16.07% / 94.94%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 14:30
Updated-16 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_platformBigFix Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2016-0324
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.55%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 17:00
Updated-05 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_identity_manager_virtual_appliancen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-0375
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-1.07% / 78.14%
||
7 Day CHG~0.00%
Published-01 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-messagesightn/a
CVE-2016-0236
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-2.99% / 86.85%
||
7 Day CHG~0.00%
Published-21 Oct, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_guardium_database_activity_monitorn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2015-4947
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9||HIGH
EPSS-4.97% / 89.90%
||
7 Day CHG~0.00%
Published-15 Sep, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-http_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-1961
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9||HIGH
EPSS-0.22% / 44.22%
||
7 Day CHG~0.00%
Published-13 Jul, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.

Action-Not Available
Vendor-n/aIBM Corporation
Product-business_process_managern/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-2016
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9||HIGH
EPSS-0.86% / 75.50%
||
7 Day CHG~0.00%
Published-04 Oct, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-qradar_security_information_and_event_managern/a
CVE-2017-1696
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-4.04% / 88.75%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerSecurity QRadar SIEM
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3003
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9||HIGH
EPSS-2.17% / 84.70%
||
7 Day CHG~0.00%
Published-02 Jul, 2013 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 allows remote authenticated users to execute arbitrary commands via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-ims_enterprise_suiten/a
CVE-2023-35019
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.15% / 36.01%
||
7 Day CHG~0.00%
Published-31 Jul, 2023 | 00:27
Updated-18 Oct, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Governance command execution

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_governanceSecurity Verify Governance, Identity Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2015-7426
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-10||CRITICAL
EPSS-2.73% / 86.26%
||
7 Day CHG~0.00%
Published-02 Jan, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-spectrum_protect_for_virtual_environmentsspectrum_protect_snapshotn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-35895
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.22% / 44.58%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 14:18
Updated-02 Aug, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Informix JDBC code execution

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116.

Action-Not Available
Vendor-IBM Corporation
Product-informix_jdbcInformix JDBC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2015-4956
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.41% / 61.84%
||
7 Day CHG~0.00%
Published-15 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-qradar_security_information_and_event_managern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-28528
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-1.71% / 82.73%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 02:06
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM AIX command execution

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.

Action-Not Available
Vendor-IBM Corporation
Product-viosaixAIX
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-25925
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.5||HIGH
EPSS-0.39% / 60.60%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 21:53
Updated-13 Dec, 2024 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Key Lifecycle Manager command injection

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixsecurity_guardium_key_lifecycle_managerwindowslinux_kernelSecurity Guardium Key Lifecycle Managersecurity_guardium_key_lifecycle_manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-13687
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 17.18%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 20:45
Updated-04 Mar, 2026 | 03:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.

Action-Not Available
Vendor-IBM Corporation
Product-datastage_on_cloud_pak_for_dataDataStage on Cloud Pak for Data
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-13686
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 17.18%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 20:51
Updated-04 Mar, 2026 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.

Action-Not Available
Vendor-IBM Corporation
Product-datastage_on_cloud_pak_for_dataDataStage on Cloud Pak for Data
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-13688
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 17.18%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 20:44
Updated-04 Mar, 2026 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.

Action-Not Available
Vendor-IBM Corporation
Product-datastage_on_cloud_pak_for_dataDataStage on Cloud Pak for Data
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-13481
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.03% / 9.46%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 19:47
Updated-15 Dec, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Orchestrator Command Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-aspera_orchestratorlinux_kernelAspera Orchestrator
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-37407
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.28% / 51.38%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 15:35
Updated-07 Jan, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Orchestrator command execution

IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 260116.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_orchestratorAspera Orchestratoraspera_orchestrator
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-1998
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.47%
||
7 Day CHG~0.00%
Published-11 Mar, 2019 | 22:00
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_mqMQ
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-4823
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-10||HIGH
EPSS-6.47% / 91.28%
||
7 Day CHG~0.00%
Published-03 Oct, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_access_manager_for_mobile_appliancesecurity_access_manager_for_web_8.0_firmwaresecurity_access_manager_for_mobile_8.0_firmwaresecurity_access_manager_for_web_7.0_firmwaresecurity_access_manager_for_web_appliancen/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-3085
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-15.72% / 94.87%
||
7 Day CHG~0.00%
Published-17 Aug, 2014 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.

Action-Not Available
Vendor-n/aIBM Corporation
Product-global_console_manager_16_firmwareglobal_console_manager_32_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-0887
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.64% / 71.02%
||
7 Day CHG~0.00%
Published-25 Mar, 2014 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_protector_for_mail_securityn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-0886
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.44% / 63.79%
||
7 Day CHG~0.00%
Published-25 Mar, 2014 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_protector_for_mail_securityn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-6719
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-10.58% / 93.44%
||
7 Day CHG~0.00%
Published-06 Mar, 2014 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tealeaf_cxn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-54181
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.39% / 60.57%
||
7 Day CHG~0.00%
Published-30 Dec, 2024 | 13:41
Updated-28 Mar, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Automation command injection

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-websphere_automationlinux_kernelWebSphere Automation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-5935
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.53%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 23:30
Updated-18 May, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TSSC/IMC is vulnerable to OS Command Injection

IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.

Action-Not Available
Vendor-IBM Corporation
Product-total_storage_service_consolets4500_imcTotal Storage Service Console (TSSC) / TS4500 IMC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-51450
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.61% / 70.28%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 00:15
Updated-08 Aug, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Directory Command Execution

IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_directorySecurity Verify Directory
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-51465
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 50.20%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 14:08
Updated-14 Aug, 2025 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM App Connect Enterprise Certified Container command execution

IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

Action-Not Available
Vendor-IBM CorporationRed Hat, Inc.
Product-openshiftapp_connect_enterprise_certified_containerApp Connect Enterprise Certified Container
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-49803
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.69% / 72.17%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 16:50
Updated-29 Jan, 2025 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access Appliance command execution

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-47115
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.51%
||
7 Day CHG~0.00%
Published-07 Dec, 2024 | 12:42
Updated-21 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM AIX command execution

IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosAIX
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43907
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.14% / 33.65%
||
7 Day CHG~0.00%
Published-27 Aug, 2023 | 22:38
Updated-01 Oct, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium command execution

IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardiumsecurity_guardium
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43867
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.46%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 18:12
Updated-23 Apr, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Scale command execution

IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-spectrum_scale_container_native_storage_accesslinux_kernelSpectrum Scale
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-1253
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.9||CRITICAL
EPSS-1.35% / 80.52%
||
7 Day CHG~0.00%
Published-05 Jul, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2010-3757
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.72% / 91.46%
||
7 Day CHG~0.00%
Published-05 Oct, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via format string specifiers located after a | (pipe) character in a string. NOTE: this might overlap CVE-2010-3059.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_fastbackn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2010-3754
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.19% / 91.05%
||
7 Day CHG~0.00%
Published-05 Oct, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. NOTE: this might overlap CVE-2010-3059.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_fastbackn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-38387
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.50% / 66.31%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 18:16
Updated-01 May, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-cloud_pak_for_securitylinux_kernelCloud Pak for Security
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-35717
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.87%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-02 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-"Force ID: 231361.

Action-Not Available
Vendor-n/aIBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixinfosphere_information_serverwindowslinux_kernelIBM InfoSphere Information Server
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-35642
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.49% / 66.11%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-02 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592."

Action-Not Available
Vendor-n/aIBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixinfosphere_information_serverwindowslinux_kernelIBM InfoSphere Information Server
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-33955
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.93%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 15:40
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312.

Action-Not Available
Vendor-IBM Corporation
Product-cics_txCICS TX AdvancedCICS TX Standard
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-31767
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.95% / 83.84%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 15:35
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelcics_txCICS TX AdvancedCICS TX Standard
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-1345
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.06% / 19.64%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 20:39
Updated-07 Apr, 2026 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lower user privileges on the system due to improper validation of user supplied input.

Action-Not Available
Vendor-IBM Corporation
Product-verify_identity_access_containerverify_identity_accesssecurity_verify_access_containersecurity_verify_accessVerify Identity AccessSecurity Verify Access ContainerSecurity Verify AccessVerify Identity Access Container
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 15
  • 16
  • Next
Details not found