Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-4593

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-15 Apr, 2020 | 15:13
Updated At-16 Sep, 2024 | 18:38
Rejected At-
Credits

IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-ForceID: 167743.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:15 Apr, 2020 | 15:13
Updated At:16 Sep, 2024 | 18:38
Rejected At:
▼CVE Numbering Authority (CNA)

IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-ForceID: 167743.

Affected Products
Vendor
IBM CorporationIBM
Product
Qradar
Versions
Affected
  • 7.3.3.Patch1
Vendor
IBM CorporationIBM
Product
QRadar
Versions
Affected
  • 7.3.0
Problem Types
TypeCWE IDDescription
textN/AObtain Information
Type: text
CWE ID: N/A
Description: Obtain Information
Metrics
VersionBase scoreBase severityVector
3.04.3MEDIUM
CVSS:3.0/C:L/AV:N/UI:N/PR:L/AC:L/I:N/A:N/S:U/E:U/RL:O/RC:C
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/C:L/AV:N/UI:N/PR:L/AC:L/I:N/A:N/S:U/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6189729
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/167743
vdb-entry
x_refsource_XF
Hyperlink: https://www.ibm.com/support/pages/node/6189729
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/167743
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6189729
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/167743
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/6189729
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/167743
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:15 Apr, 2020 | 16:15
Updated At:24 Aug, 2020 | 17:37

IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-ForceID: 167743.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Secondary3.04.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>qradar_security_information_and_event_manager>>Versions from 7.3.0(inclusive) to 7.3.3(exclusive)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>qradar_security_information_and_event_manager>>7.3.3
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*
IBM Corporation
ibm
>>qradar_security_information_and_event_manager>>7.3.3
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:p1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-209Primarynvd@nist.gov
CWE ID: CWE-209
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/167743psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6189729psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/167743
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/6189729
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

662Records found
CVE-2022-22363
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.27%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 16:07
Updated-03 Jul, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-controllerwindowscognos_controllerControllerCognos Controller
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2024-5591
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.15%
||
7 Day CHG~0.00%
Published-03 Jan, 2025 | 14:33
Updated-21 Mar, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Jazz Foundation information disclosure

IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kerneljazz_foundationwindowsJazz Foundation
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2024-49818
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.88%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 17:35
Updated-07 Jan, 2025 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Key Lifecycle Manager information disclosure

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_key_lifecycle_managerSecurity Guardium Key Lifecycle Manager
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-33835
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.19%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 13:04
Updated-27 Sep, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Information Queue information disclosure

IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2024-49798
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.17%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 23:50
Updated-22 Feb, 2025 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM ApplinX Information Disclosure

IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Action-Not Available
Vendor-IBM Corporation
Product-applinxApplinX
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-20523
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 17:15
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660

Action-Not Available
Vendor-IBM CorporationDocker, Inc.
Product-security_verify_accessdockerSecurity Verify Access Docker
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-20371
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.77%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 20:40
Updated-16 Sep, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerengineering_test_managementrational_quality_managerengineering_lifecycle_optimization_-_publishingremovable_media_managerengineering_lifecycle_optimization_-_engineering_insightscollaborative_lifecycle_managementengineering_lifecycle_managementRational Quality ManagerRational DOORS Next GenerationRational Rhapsody Model ManagerRational Collaborative Lifecycle ManagementEngineering Lifecycle OptimizationRational Engineering Lifecycle ManagerEngineering Test Management
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-20499
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 17:15
Updated-16 Sep, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973

Action-Not Available
Vendor-IBM CorporationDocker, Inc.
Product-security_verify_accessdockerSecurity Verify Access Docker
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-20413
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.40%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 15:55
Updated-16 Sep, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212.

Action-Not Available
Vendor-IBM Corporation
Product-guardium_data_encryptionGuardium Data Encryption
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4164
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.14% / 34.79%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 14:05
Updated-16 Sep, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system. IBM X-Force ID: 174400.

Action-Not Available
Vendor-IBM Corporation
Product-security_information_queueSecurity Information Queue
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2013-5382
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.23% / 45.26%
||
7 Day CHG~0.00%
Published-01 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383.

Action-Not Available
Vendor-n/aIBM Corporation
Product-maximo_asset_managementn/a
CVE-2013-5433
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.26% / 48.64%
||
7 Day CHG~0.00%
Published-12 Aug, 2014 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_optim_data_growth_solution_for_siebel_crmn/a
CVE-2024-45089
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.59%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 15:58
Updated-05 Mar, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator information disclosure

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-47159
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.59%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 16:04
Updated-27 Jan, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling File Gateway information disclosure

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses.

Action-Not Available
Vendor-IBM Corporation
Product-Sterling File Gateway
CWE ID-CWE-204
Observable Response Discrepancy
CVE-2013-5461
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.34% / 55.96%
||
7 Day CHG~0.00%
Published-27 Apr, 2018 | 16:00
Updated-06 Aug, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309.

Action-Not Available
Vendor-n/aIBM Corporation
Product-endpoint_manager_for_remote_controltivoli_remote_controln/a
CWE ID-CWE-255
Not Available
CVE-2017-3744
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.68%
||
7 Day CHG~0.00%
Published-20 Jun, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.

Action-Not Available
Vendor-IBM CorporationLenovo Group Limited
Product-system_x3250_m5flex_system_x280_x6flex_system_x220_m4system_x3100_m4system_x3530_m4system_x3550_m5flex_system_x480_m4system_x3500_m4system_x3250_m6idataplex_dx360_m4flex_system_x240_m5flex_system_x222_m4system_x3650_m4_bdsystem_x3630_m4bladecenter_hs23eflex_system_x880system_x3650_m5system_x3300_m4bladecenter_hs22system_x3100_m5flex_system_x280_m4system_x3550_m4system_x3650_m4_hdsystem_x3500_m5system_x3950_x6system_x3250_m4idataplex_dx360_m4_water_cooledthinkagile_cx4200system_x3850_x6flex_system_x480_x6nextscale_nx360_m4flex_system_x880_m4integrated_management_module_firmwarethinkagile_cx2200nextscale_nx360_m5bladecenter_hs23system_x3750_m4flex_system_x440_m4system_x3650_m4flex_system_x240_m4thinkagile_cx4600Lenovo System x IMM2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2013-4020
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.20% / 42.30%
||
7 Day CHG~0.00%
Published-01 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-maximo_asset_managementn/a
CVE-2013-3972
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.20% / 42.45%
||
7 Day CHG~0.00%
Published-01 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-maximo_asset_managementn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1765
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.32% / 54.71%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 16:00
Updated-17 Sep, 2024 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.

Action-Not Available
Vendor-IBM Corporation
Product-business_process_manager_enterprise_service_busbusiness_process_managerBusiness Process Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1768
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 13:00
Updated-16 Sep, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_big_data_intelligenceSecurity Guardium Big Data Intelligence
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4039
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.38% / 58.71%
||
7 Day CHG~0.00%
Published-28 Aug, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_extended_deployment_compute_gridn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4038
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.21% / 43.76%
||
7 Day CHG~0.00%
Published-09 Aug, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.

Action-Not Available
Vendor-n/aIBM Corporation
Product-system_x3650_m4flex_system_x440_compute_nodesystem_x3500_m3system_x3550_m3system_x3550_m4system_x_idataplex_dx360_m4_serversystem_x3950_x5system_x3200_m3system_x3100_m4system_x3630_m4flex_system_x240_compute_nodesystem_x3750_m4system_x3650_m2system_x_idataplex_dx360_m2_serversystem_x3400_m3system_x_idataplex_dx360_m3_serverflex_system_x220_compute_nodesystem_x3620_m3system_x3500_m4system_x3650_m3system_x3550_m2bladecentersystem_x3400_m2system_x3530_m4system_x3690_x5system_x3630_m3system_x3850_x5system_x3250_m3system_x3500_m2system_x3250_m4n/a
CVE-2017-1752
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.27% / 50.35%
||
7 Day CHG-0.01%
Published-25 May, 2018 | 14:00
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3971
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.18% / 39.75%
||
7 Day CHG~0.00%
Published-01 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049.

Action-Not Available
Vendor-n/aIBM Corporation
Product-maximo_asset_managementn/a
CVE-2013-4034
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-5.43% / 89.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Action-Not Available
Vendor-n/aIBM Corporation
Product-cognos_business_intelligencen/a
CVE-2017-1741
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 48.91%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 00:00
Updated-16 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1725
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.34%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerrational_quality_managerrational_team_concertrational_collaborative_lifecycle_managementrational_rhapsody_design_managerrational_software_architect_design_managerRational Quality ManagerRational DOORS Next GenerationRational Software Architect Design ManagerRational Rhapsody Design ManagerRational Collaborative Lifecycle ManagementRational Engineering Lifecycle ManagerRational Team Concert
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1723
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 61.75%
||
7 Day CHG~0.00%
Published-26 Apr, 2018 | 14:00
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_network_insightsqradar_security_information_and_event_managerqradar_incident_forensicsSecurity QRadar SIEM
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-3020
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.16% / 37.22%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_file_gatewaysterling_b2b_integratorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1734
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.60%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerrational_quality_managerrational_team_concertrational_collaborative_lifecycle_managementrational_rhapsody_design_managerrational_software_architect_design_managerRational Quality ManagerRational DOORS Next GenerationRational Software Architect Design ManagerRational Rhapsody Design ManagerRational Collaborative Lifecycle ManagementRational Engineering Lifecycle ManagerRational Team Concert
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1633
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.66%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 16:00
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests. IBM X-Force ID: 133180.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2987
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.16% / 37.22%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_file_gatewaysterling_b2b_integratorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1785
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.40%
||
7 Day CHG~0.00%
Published-07 Feb, 2018 | 17:00
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1705
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.64%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 16:00
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427.

Action-Not Available
Vendor-IBM Corporation
Product-security_privileged_identity_managerSecurity Privileged Identity Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2985
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.16% / 37.22%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_file_gatewaysterling_b2b_integratorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2979
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.20% / 42.51%
||
7 Day CHG~0.00%
Published-22 Aug, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a crafted URL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_optim_performance_manageroptim_performance_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-4460
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.31%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 18:25
Updated-17 Sep, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-1727
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.55%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 17:00
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2017-1701
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.80%
||
7 Day CHG~0.00%
Published-23 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393.

Action-Not Available
Vendor-IBM Corporation
Product-rational_collaborative_lifecycle_managementrational_team_concertRational Team Concert
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2013-3049
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.18% / 39.75%
||
7 Day CHG~0.00%
Published-01 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971.

Action-Not Available
Vendor-n/aIBM Corporation
Product-maximo_asset_managementn/a
CVE-2017-1515
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.01%
||
7 Day CHG~0.00%
Published-26 Jan, 2018 | 21:00
Updated-05 Feb, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_requirements_management_doorsRational DOORS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1524
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.66%
||
7 Day CHG~0.00%
Published-23 Mar, 2018 | 19:00
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerrational_quality_managerrational_team_concertrational_collaborative_lifecycle_managementrational_rhapsody_design_managerrational_software_architect_design_managerRational Collaborative Lifecycle Management
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1570
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.60%
||
7 Day CHG~0.00%
Published-27 Nov, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_software_architect_design_managerrational_team_concertrational_rhapsody_design_managerrational_engineering_lifecycle_managerrational_quality_managerrational_collaborative_lifecycle_managementRational Collaborative Lifecycle Management
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1538
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.74% / 72.06%
||
7 Day CHG~0.00%
Published-10 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_managerIBM Financial Transaction Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0568
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.16% / 37.22%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0475, and CVE-2013-0567.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_file_gatewaysterling_b2b_integratorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0520
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.14% / 34.66%
||
7 Day CHG~0.00%
Published-10 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_secure_proxyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0567
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.18% / 39.73%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, and CVE-2013-0475.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_file_gatewaysterling_b2b_integratorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-4670
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 48.36%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 15:20
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CVE-2019-4173
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 53.42%
||
7 Day CHG~0.00%
Published-17 Jun, 2019 | 15:10
Updated-17 Sep, 2024 | 00:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controller
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1559
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.18% / 39.73%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerrational_quality_managerrational_team_concertrational_collaborative_lifecycle_managementrational_rhapsody_design_managerrational_software_architect_design_managerRational Quality ManagerRational Software Architect Design ManagerRational DOORS Next GenerationRational Rhapsody Design ManagerRational Collaborative Lifecycle ManagementRational Engineering Lifecycle ManagerRational Team Concert
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 13
  • 14
  • Next
Details not found