Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-1941

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-05 Dec, 2018 | 17:00
Updated At-16 Sep, 2024 | 16:32
Rejected At-
Credits

IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:05 Dec, 2018 | 17:00
Updated At:16 Sep, 2024 | 16:32
Rejected At:
â–¼CVE Numbering Authority (CNA)

IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382.

Affected Products
Vendor
IBM CorporationIBM
Product
Campaign
Versions
Affected
  • 9.1.2
  • 9.1.0
Problem Types
TypeCWE IDDescription
textN/AGain Privileges
Type: text
CWE ID: N/A
Description: Gain Privileges
Metrics
VersionBase scoreBase severityVector
3.08.4HIGH
CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O
Version: 3.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.ibm.com/support/docview.wss?uid=ibm10743115
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/153382
vdb-entry
x_refsource_XF
Hyperlink: https://www.ibm.com/support/docview.wss?uid=ibm10743115
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/153382
Resource:
vdb-entry
x_refsource_XF
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.ibm.com/support/docview.wss?uid=ibm10743115
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/153382
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.ibm.com/support/docview.wss?uid=ibm10743115
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/153382
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:05 Dec, 2018 | 17:29
Updated At:09 Oct, 2019 | 23:39

IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.08.4HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

IBM Corporation
ibm
>>campaign>>Versions from 9.1.0(inclusive) to 9.1.0.13(exclusive)
cpe:2.3:a:ibm:campaign:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>campaign>>Versions from 9.1.2(inclusive) to 9.1.2.7(exclusive)
cpe:2.3:a:ibm:campaign:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/153382psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10743115psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/153382
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/docview.wss?uid=ibm10743115
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

507Records found

CVE-2011-4834
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-1.23% / 65.21%
||
7 Day CHG~0.00%
Published-15 Dec, 2011 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.

Action-Not Available
Vendor-n/aHP Inc.IBM CorporationSun Microsystems (Oracle Corporation)
Product-aixapplication_lifestyle_managementsunoshp-uxn/a
CVE-2013-6306
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.31% / 22.61%
||
7 Day CHG~0.00%
Published-22 Aug, 2014 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-power_770power_esepower_760_firmwarepower_750power_780power_760power_795powerlinux_7r2power_770_firmwarepower_740_firmwarepower_710power_730powerlinux_7r1power_740power_720n/a
CVE-2011-1376
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.38% / 30.24%
||
7 Day CHG~0.00%
Published-19 Jan, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CVE-2013-3028
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.37% / 28.58%
||
7 Day CHG~0.00%
Published-02 Jul, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_mqn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-4334
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.37% / 29.44%
||
7 Day CHG~0.00%
Published-16 Dec, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2n/a
CVE-2009-4150
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.44% / 35.00%
||
7 Day CHG~0.00%
Published-02 Dec, 2009 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2_universal_databasedb2n/a
CVE-2013-3024
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 30.14%
||
7 Day CHG~0.00%
Published-24 May, 2018 | 21:00
Updated-06 Aug, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-264
Not Available
CVE-2001-0856
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.47% / 37.19%
||
7 Day CHG~0.00%
Published-22 Nov, 2001 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions, to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key.

Action-Not Available
Vendor-n/aIBM Corporation
Product-4758n/a
CVE-2018-1998
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 31.98%
||
7 Day CHG~0.00%
Published-11 Mar, 2019 | 22:00
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_mqMQ
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2000-1119
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.98% / 57.79%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2008-3857
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.35% / 26.74%
||
7 Day CHG~0.00%
Published-28 Aug, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2_universal_databasen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-20515
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.32% / 23.53%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 15:45
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelhp-uxwindowsaixinformix_dynamic_serverInformix Dynamic Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20349
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.25% / 16.70%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 16:05
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 194599.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_workload_schedulerWorkload Scheduler
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20401
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 5.01%
||
7 Day CHG~0.00%
Published-05 May, 2021 | 15:45
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196075.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-38991
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.27% / 18.77%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 16:25
Updated-16 Sep, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosVIOSAIX
CVE-2020-4928
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.35% / 27.27%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 14:00
Updated-17 Sep, 2024 | 03:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_systemCloud Pak System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-5025
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.56% / 42.74%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:30
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kerneloncommand_insightDB2 for Linux, UNIX and Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-4799
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 28.62%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 13:20
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460.

Action-Not Available
Vendor-IBM Corporation
Product-informix_dynamic_serverInformix Dynamic Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-4609
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.29% / 21.27%
||
7 Day CHG~0.00%
Published-25 Jun, 2021 | 17:40
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Sevret Server (IBM Security Verify Privilege Manager 10.8.2) is vulnerable to a buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash. IBM X-Force ID: 184917.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_privilege_managerSecurity Verify Privilege Manager
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-4829
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.35% / 26.65%
||
7 Day CHG~0.00%
Published-10 Dec, 2020 | 22:11
Updated-16 Sep, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosVIOSAIX
CVE-2020-4607
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.30% / 22.17%
||
7 Day CHG~0.00%
Published-29 Sep, 2020 | 13:50
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationIBM Corporation
Product-security_verify_privilege_vault_remote_on-premiseswindowsmacosSecurity Verify Privilege Vault Remote
CWE ID-CWE-20
Improper Input Validation
CVE-2020-4610
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.17% / 6.43%
||
7 Day CHG~0.00%
Published-25 Jun, 2021 | 17:40
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2 ) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_privilege_managerSecurity Verify Privilege Manager
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2020-4587
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.34% / 26.02%
||
7 Day CHG~0.00%
Published-24 Aug, 2020 | 15:30
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.

Action-Not Available
Vendor-IBM Corporation
Product-connect\sterling_connect\Sterling Connect:Direct for UNIXConnect:Direct for UNIX
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-4701
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.46% / 36.34%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 15:15
Updated-16 Sep, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-4983
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.44% / 35.12%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 15:00
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM X-Force ID: 192586.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_lsfspectrum_lsf_suiteSpectrum LSFSpectrum LSF Suite
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-4932
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.17% / 6.82%
||
7 Day CHG~0.00%
Published-05 May, 2021 | 15:45
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 191748.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-4270
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.49% / 38.71%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadarQradar
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-4278
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.27% / 19.32%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 15:20
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137.

Action-Not Available
Vendor-IBM Corporation
Product-platform_lsfspectrum_lsfspectrum_computing_for_high_performance_analyticsSpectrum LSFSpectrum Computing Suite for High Performance AnalyticsSpectrum LSF Suites
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-4363
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.48% / 37.98%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 14:25
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux- UNIX and Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-4230
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.38% / 29.98%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 15:15
Updated-16 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixdb2windowslinux_kernelDB2 for Linux- UNIX and Windows
CVE-2020-4190
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.21% / 11.28%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 14:30
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-4204
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.60% / 44.35%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 15:15
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixdb2windowslinux_kernelDB2 for Linux- UNIX and Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-4015
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.53% / 40.95%
||
7 Day CHG~0.00%
Published-11 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-4016
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.53% / 40.95%
||
7 Day CHG~0.00%
Published-11 Mar, 2019 | 22:00
Updated-17 Sep, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-4523
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.44% / 35.28%
||
7 Day CHG~0.00%
Published-22 Oct, 2019 | 14:27
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481.

Action-Not Available
Vendor-opengroupIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsunixdb2_high_performance_unload_loadlinux_kernelDb2 High Performance Unload load for LUWDB2 High Performance Unload load for LUW
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-4031
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.31% / 22.65%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 12:45
Updated-17 Sep, 2024 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_workload_schedulerWorkload Scheduler Distributed
CVE-2019-4294
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.95% / 56.74%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 18:25
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewaymq_applianceDataPower GatewayMQ Appliance
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-4415
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.31% / 23.01%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 14:30
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_privateCloud Private
CVE-2019-4322
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.53% / 40.95%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 15:05
Updated-17 Sep, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-4439
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.29% / 20.46%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 14:30
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_privateCloud Private
CWE ID-CWE-384
Session Fixation
CVE-2019-4620
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.35% / 27.32%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 18:30
Updated-17 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-20
Improper Input Validation
CVE-2019-4383
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.9||HIGH
EPSS-0.40% / 32.08%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 15:05
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CVE-2019-4591
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 18.61%
||
7 Day CHG~0.00%
Published-13 Jul, 2020 | 14:10
Updated-17 Sep, 2024 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CWE ID-CWE-384
Session Fixation
CVE-2019-4014
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.51% / 39.62%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 13:50
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2Db2
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-4154
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.53% / 40.95%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 15:05
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519.

Action-Not Available
Vendor-HP Inc.IBM CorporationOracle CorporationLinux Kernel Organization, Inc
Product-solarislinux_kerneldb2hp-uxaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4598
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.31% / 22.99%
||
7 Day CHG~0.00%
Published-30 Aug, 2007 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts.

Action-Not Available
Vendor-n/aIBM Corporation
Product-surepos_500n/a
CVE-2007-0670
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.49% / 38.48%
||
7 Day CHG~0.00%
Published-03 Feb, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-1720
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 34.02%
||
7 Day CHG~0.00%
Published-13 Feb, 2018 | 20:00
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.

Action-Not Available
Vendor-IBM Corporation
Product-notesclient_application_accessNotesClient Application Access
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-43927
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.64% / 46.28%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 16:51
Updated-18 Mar, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows information disclosure

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.

Action-Not Available
Vendor-IBM CorporationHP Inc.Microsoft CorporationOracle CorporationLinux Kernel Organization, Inc
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-43863
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.74% / 50.13%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 21:25
Updated-25 Feb, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar SIEM privilege escalation

IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 10
  • 11
  • Next
Details not found