Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-1366

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-07 Feb, 2018 | 17:00
Updated At-16 Sep, 2024 | 16:12
Rejected At-
Credits

IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:07 Feb, 2018 | 17:00
Updated At:16 Sep, 2024 | 16:12
Rejected At:
▼CVE Numbering Authority (CNA)

IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452.

Affected Products
Vendor
IBM CorporationIBM
Product
Content Navigator
Versions
Affected
  • 3.0.0
  • 3.0.1
  • 2.0.2.8
  • 3.0.2
  • 3.0.3
  • 2.0.2.7
Problem Types
TypeCWE IDDescription
textN/AGain Access
Type: text
CWE ID: N/A
Description: Gain Access
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/137452
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22012674
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/137452
Resource:
x_refsource_MISC
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg22012674
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/137452
x_refsource_MISC
x_transferred
http://www.ibm.com/support/docview.wss?uid=swg22012674
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/137452
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg22012674
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:07 Feb, 2018 | 17:29
Updated At:03 Oct, 2019 | 00:03

IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
IBM Corporation
ibm
>>content_navigator>>2.0.2.7
cpe:2.3:a:ibm:content_navigator:2.0.2.7:*:*:*:*:*:*:*
IBM Corporation
ibm
>>content_navigator>>2.0.2.8
cpe:2.3:a:ibm:content_navigator:2.0.2.8:*:*:*:*:*:*:*
IBM Corporation
ibm
>>content_navigator>>3.0.0
cpe:2.3:a:ibm:content_navigator:3.0.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>content_navigator>>3.0.1
cpe:2.3:a:ibm:content_navigator:3.0.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>content_navigator>>3.0.2
cpe:2.3:a:ibm:content_navigator:3.0.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>content_navigator>>3.0.3
cpe:2.3:a:ibm:content_navigator:3.0.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.ibm.com/support/docview.wss?uid=swg22012674psirt@us.ibm.com
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/137452psirt@us.ibm.com
Vendor Advisory
VDB Entry
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg22012674
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/137452
Source: psirt@us.ibm.com
Resource:
Vendor Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

242Records found
CVE-2022-22392
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 47.83%
||
7 Day CHG~0.00%
Published-25 Apr, 2022 | 15:20
Updated-16 Sep, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analytics_workspacePlanning Analytics Workspace
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-2001
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-07 May, 2019 | 18:35
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891.

Action-Not Available
Vendor-IBM Corporation
Product-curam_social_program_managementCram Social Program Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-2000
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.84%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 14:50
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_process_managerBusiness Automation Workflow
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1840
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.71% / 71.36%
||
7 Day CHG~0.00%
Published-03 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2018-1926
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 40.00%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 16:00
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1888
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.41% / 60.29%
||
7 Day CHG~0.00%
Published-04 Jan, 2019 | 15:00
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. IBM X-Force ID: 152079.

Action-Not Available
Vendor-IBM Corporation
Product-i_accessi Access for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-1858
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.25%
||
7 Day CHG~0.00%
Published-25 Jun, 2019 | 15:45
Updated-16 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1884
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.8||MEDIUM
EPSS-1.58% / 80.83%
||
7 Day CHG-0.03%
Published-12 Nov, 2018 | 16:00
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.

Action-Not Available
Vendor-IBM Corporation
Product-case_managerCase Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1927
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.93%
||
7 Day CHG~0.00%
Published-30 Nov, 2018 | 15:00
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118.

Action-Not Available
Vendor-IBM Corporation
Product-storediqStoredIQ
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1661
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.84%
||
7 Day CHG~0.00%
Published-20 Dec, 2018 | 14:00
Updated-16 Sep, 2024 | 23:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateways
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1790
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-10 May, 2019 | 14:40
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_managerFinancial Transaction Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1622
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.79%
||
7 Day CHG~0.00%
Published-02 Apr, 2019 | 13:20
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348.

Action-Not Available
Vendor-IBM Corporation
Product-security_privileged_identity_managerSecurity Privileged Identity Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1638
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 42.75%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 13:00
Updated-16 Sep, 2024 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-287
Improper Authentication
CVE-2018-1442
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.09%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 16:00
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598.

Action-Not Available
Vendor-IBM Corporation
Product-monitoringMonitoring
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1479
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-27 Apr, 2018 | 15:00
Updated-17 Sep, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761.

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_platformBigFix Platform
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1455
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.85%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 15:00
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_application_dependency_discovery_managerTivoli Application Dependency Discovery Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1458
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.28% / 51.38%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 16:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-1437
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.11%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 00:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 139565.

Action-Not Available
Vendor-IBM Corporation
Product-notesNotes
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-1435
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.99% / 75.95%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 00:00
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563.

Action-Not Available
Vendor-IBM Corporation
Product-notesNotes
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-1434
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.96%
||
7 Day CHG~0.00%
Published-17 May, 2018 | 21:00
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_virtualizestorwize_v3500storwize_v3500_firmwarespectrum_virtualize_for_public_cloudstorwize_v5000_firmwarestorwize_v7000_firmwarestorwize_v3700_firmwarestorwize_v7000storwize_v9000_firmwarestorwize_v3700storwize_v5000san_volume_controllersan_volume_controller_firmwarestorwize_v9000FlashSystem V9000Spectrum Virtualize for Public CloudStorwize V7000 (2076)SAN Volume ControllerStorwize V5000Spectrum Virtualize SoftwareStorwize V3500Storwize V3700
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1417
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-1.49% / 80.30%
||
7 Day CHG~0.00%
Published-22 Feb, 2018 | 19:00
Updated-16 Sep, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.

Action-Not Available
Vendor-IBM Corporation
Product-java_sdkSDK, Java Technology Edition
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-1514
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 14:00
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automation_with_automation_anywhereRobotic Process Automation with Automation Anywhere
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-39070
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.67% / 70.43%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 12:04
Updated-16 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_verify_accesssecurity_verify_access_dockern/a
CVE-2017-1769
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 49.81%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 14:00
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.

Action-Not Available
Vendor-IBM Corporation
Product-business_process_managerBusiness Process Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-1711
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.91%
||
7 Day CHG~0.00%
Published-13 Feb, 2018 | 20:00
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.

Action-Not Available
Vendor-IBM Corporation
Product-notesclient_application_accessNotesClient Application Access
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-1746
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.98%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.

Action-Not Available
Vendor-IBM Corporation
Product-jazz_for_service_managementTivoli Components
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-1693
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.29% / 52.30%
||
7 Day CHG~0.00%
Published-19 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.

Action-Not Available
Vendor-IBM Corporation
Product-integration_busIntegration Bus
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2017-1721
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.58% / 68.01%
||
7 Day CHG~0.00%
Published-26 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerSecurity QRadar SIEM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-1631
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.98%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.

Action-Not Available
Vendor-IBM Corporation
Product-jazz_for_service_managementTivoli Components
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-38886
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.87%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 16:30
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5424
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 48.48%
||
7 Day CHG~0.00%
Published-25 Oct, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account.

Action-Not Available
Vendor-n/aIBM Corporation
Product-flex_system_managern/a
CVE-2013-5375
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.86% / 82.30%
||
7 Day CHG~0.00%
Published-24 Nov, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-javan/a
CVE-2017-1300
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.76%
||
7 Day CHG~0.00%
Published-01 Nov, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.

Action-Not Available
Vendor-IBM Corporation
Product-openpages_grc_platformOpenPages GRC Platform
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-1097
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.27%
||
7 Day CHG~0.00%
Published-05 Sep, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.

Action-Not Available
Vendor-IBM Corporation
Product-emptoris_strategic_supply_managementEmptoris Strategic Supply Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4264
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.84%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-16 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175647.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-i2_analysts_notebookwindowsi2 Analysts Notebook
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-4588
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.7||HIGH
EPSS-0.41% / 60.70%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 13:50
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-i2_ibasewindowsi2 iBase
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-4468
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-1.32% / 79.09%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181723.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-i2_analysts_notebookwindowsi2 Analysts Notebook
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-4266
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.84%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-i2_analysts_notebookwindowsi2 Analysts Notebook
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-4549
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.84%
||
7 Day CHG~0.00%
Published-03 Aug, 2020 | 12:35
Updated-16 Sep, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183317.

Action-Not Available
Vendor-IBM Corporation
Product-i2_analysts_notebooki2 Analyst Notebook
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-9716
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.76%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_master_data_management_serverInfoSphere Master Data Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-0304
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-1.11% / 77.25%
||
7 Day CHG~0.00%
Published-29 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920.

Action-Not Available
Vendor-n/aIBM Corporation
Product-dominon/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-4997
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 48.48%
||
7 Day CHG~0.00%
Published-29 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_portaln/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found