Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-4245

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-28 May, 2020 | 14:45
Updated At-16 Sep, 2024 | 20:12
Rejected At-
Credits

IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:28 May, 2020 | 14:45
Updated At:16 Sep, 2024 | 20:12
Rejected At:
▼CVE Numbering Authority (CNA)

IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423.

Affected Products
Vendor
IBM CorporationIBM
Product
Security Identity Governance and Intelligence
Versions
Affected
  • 5.2.6
Problem Types
TypeCWE IDDescription
textN/AObtain Information
Type: text
CWE ID: N/A
Description: Obtain Information
Metrics
VersionBase scoreBase severityVector
3.05.9MEDIUM
CVSS:3.0/AC:H/A:N/PR:N/UI:N/I:N/S:U/C:H/AV:N/RL:O/RC:C/E:U
Version: 3.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.0/AC:H/A:N/PR:N/UI:N/I:N/S:U/C:H/AV:N/RL:O/RC:C/E:U
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6207908
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/175423
vdb-entry
x_refsource_XF
Hyperlink: https://www.ibm.com/support/pages/node/6207908
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/175423
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6207908
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/175423
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/6207908
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/175423
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:28 May, 2020 | 15:15
Updated At:28 May, 2020 | 19:44

IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.05.9MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>security_identity_governance_and_intelligence>>5.2.6
cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.6:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-521Primarynvd@nist.gov
CWE ID: CWE-521
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/175423psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6207908psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/175423
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/6207908
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

912Records found
CVE-2019-4576
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 40.11%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 12:57
Updated-16 Sep, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_network_packet_capturelinux_kernelQRadar Network Packet Capture Software
CWE ID-CWE-521
Weak Password Requirements
CVE-2019-4321
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 39.45%
||
7 Day CHG~0.00%
Published-05 Sep, 2019 | 14:50
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201.

Action-Not Available
Vendor-IBM Corporation
Product-intelligent_operations_center_for_emergency_managementwater_operations_for_waternamicsintelligent_operations_centerIntelligent Operations Center
CWE ID-CWE-521
Weak Password Requirements
CVE-2019-4235
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 49.94%
||
7 Day CHG~0.00%
Published-26 Jun, 2019 | 14:35
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.

Action-Not Available
Vendor-IBM Corporation
Product-pureapplication_systemPureApplication System
CWE ID-CWE-521
Weak Password Requirements
CVE-2019-4698
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.11% / 30.03%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 19:00
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929.

Action-Not Available
Vendor-IBM Corporation
Product-guardium_data_encryptionguardium_for_cloud_key_managementSecurity Guardium Data Encryption
CWE ID-CWE-521
Weak Password Requirements
CVE-2017-1597
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.26% / 48.78%
||
7 Day CHG~0.00%
Published-17 Dec, 2018 | 16:00
Updated-16 Sep, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-521
Weak Password Requirements
CVE-2021-38935
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 39.45%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 17:35
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CWE ID-CWE-521
Weak Password Requirements
CVE-2017-1386
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 44.08%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectapi_managementAPI Connect
CWE ID-CWE-521
Weak Password Requirements
CVE-2024-40697
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.04%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 10:59
Updated-22 Aug, 2024 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Common Licensing information disclosure

IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895.

Action-Not Available
Vendor-IBM Corporation
Product-common_licensingCommon Licensing
CWE ID-CWE-521
Weak Password Requirements
CVE-2019-4067
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 42.77%
||
7 Day CHG~0.00%
Published-07 Jun, 2019 | 14:40
Updated-16 Sep, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012.

Action-Not Available
Vendor-IBM Corporation
Product-intelligent_operations_center_for_emergency_managementwater_operations_for_waternamicsintelligent_operations_centerIntelligent Operations Center
CWE ID-CWE-521
Weak Password Requirements
CVE-2019-4565
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 49.94%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 15:50
Updated-17 Sep, 2024 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-521
Weak Password Requirements
CVE-2017-1221
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.26%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861.

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_platformBigFix Platform
CWE ID-CWE-521
Weak Password Requirements
CVE-2021-20418
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.14% / 35.07%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 15:55
Updated-16 Sep, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-521
Weak Password Requirements
CVE-2017-1196
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.81%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671.

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_security_compliance_analyticsEndpoint Manager for Security and Compliance
CWE ID-CWE-521
Weak Password Requirements
CVE-2018-1956
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.26% / 48.78%
||
7 Day CHG~0.00%
Published-14 Jan, 2019 | 14:00
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_managerSecurity Identity Manager
CWE ID-CWE-521
Weak Password Requirements
CVE-2018-1680
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 47.66%
||
7 Day CHG~0.00%
Published-02 Apr, 2019 | 13:20
Updated-16 Sep, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236.

Action-Not Available
Vendor-IBM Corporation
Product-security_privileged_identity_managerSecurity Privileged Identity Manager
CWE ID-CWE-521
Weak Password Requirements
CVE-2020-4574
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-29 Jul, 2020 | 14:05
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-521
Weak Password Requirements
CVE-2022-34333
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 19.36%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 12:58
Updated-10 Feb, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Order Management information disclosure

IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_order_managementSterling Order Management
CWE ID-CWE-521
Weak Password Requirements
CVE-2018-1372
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.24%
||
7 Day CHG~0.00%
Published-27 Feb, 2018 | 17:00
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_big_data_intelligenceSecurity Guardium Big Data Intelligence
CWE ID-CWE-521
Weak Password Requirements
CVE-2021-20470
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.26% / 48.78%
||
7 Day CHG~0.00%
Published-03 Dec, 2021 | 17:00
Updated-17 Sep, 2024 | 03:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-521
Weak Password Requirements
CVE-2013-5423
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.49%
||
7 Day CHG~0.00%
Published-07 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-flex_system_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2001-0982
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.76% / 85.45%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_secureway_policy_directorn/a
CVE-2013-5468
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.21% / 43.14%
||
7 Day CHG~0.00%
Published-05 Mar, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information by sniffing the network.

Action-Not Available
Vendor-n/aIBM Corporation
Product-algo_onen/a
CVE-2013-5445
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.34% / 56.16%
||
7 Day CHG~0.00%
Published-25 Mar, 2014 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key.

Action-Not Available
Vendor-n/aIBM Corporation
Product-cognos_expressn/a
CVE-2024-52367
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.70%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 11:55
Updated-18 Jul, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software information disclosure

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert Software
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2019-4514
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 51.36%
||
7 Day CHG~0.00%
Published-04 Oct, 2019 | 14:05
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-1999-0628
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.61% / 68.82%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rwho/rwhod service is running, which exposes machine status and user information.

Action-Not Available
Vendor-n/aNetBSDLinux Kernel Organization, IncIBM CorporationFreeBSD Foundation
Product-linux_kernelnetbsdfreebsdaixn/a
CVE-1999-0111
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.61% / 68.82%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RIP v1 is susceptible to spoofing.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2017-1488
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.19% / 40.74%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 22:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerrational_quality_managerrational_team_concertrational_collaborative_lifecycle_managementrational_rhapsody_design_managerrational_software_architect_design_managerRational Quality ManagerRational DOORS Next GenerationRational Software Architect Design ManagerRational Rhapsody Design ManagerRational Collaborative Lifecycle ManagementRational Engineering Lifecycle ManagerRational Team Concert
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2006-6637
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.01% / 76.19%
||
7 Day CHG~0.00%
Published-19 Dec, 2006 | 20:00
Updated-07 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-47119
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 15:23
Updated-08 Aug, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Defender - Resiliency Service improper certificate validation

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.

Action-Not Available
Vendor-IBM Corporation
Product-storage_defender_resiliency_serviceStorage Defender - Resiliency Service
CWE ID-CWE-295
Improper Certificate Validation
CVE-2013-3981
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.22% / 45.09%
||
7 Day CHG~0.00%
Published-26 May, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sametimen/a
CVE-2006-5835
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.02% / 83.00%
||
7 Day CHG~0.00%
Published-10 Nov, 2006 | 01:00
Updated-07 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_notesn/a
CVE-2017-1774
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.74%
||
7 Day CHG~0.00%
Published-26 Feb, 2018 | 14:00
Updated-17 Sep, 2024 | 02:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 136818.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_big_data_intelligenceSecurity Guardium Big Data Intelligence
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1368
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.21% / 43.09%
||
7 Day CHG~0.00%
Published-29 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1788
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.49% / 64.37%
||
7 Day CHG~0.00%
Published-22 Mar, 2018 | 12:00
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CVE-2023-47148
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.37%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 12:51
Updated-02 Aug, 2024 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Protect Plus Server information disclosure

IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelspectrum_protect_plusStorage Protect Plus Serverstorage_protect_plus
CWE ID-CWE-862
Missing Authorization
CVE-2013-4043
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.25% / 48.50%
||
7 Day CHG~0.00%
Published-01 Feb, 2014 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request.

Action-Not Available
Vendor-n/aIBM Corporation
Product-spss_collaboration_and_deployment_servicesn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3982
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-37.24% / 97.05%
||
7 Day CHG~0.00%
Published-26 May, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sametimen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1698
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 53.97%
||
7 Day CHG~0.00%
Published-27 Dec, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_portalWebSphere Portal
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1625
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.17%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 16:00
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 133123.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_pulsePulse for QRadar
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1665
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 34.97%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 17:00
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.

Action-Not Available
Vendor-Debian GNU/LinuxIBM Corporation
Product-security_key_lifecycle_managerdebian_linuxSecurity Key Lifecycle Manager
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2013-4070
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.25% / 48.50%
||
7 Day CHG~0.00%
Published-21 Dec, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to discover an internal password via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-spss_collaboration_and_deployment_servicesn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3978
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.21% / 43.14%
||
7 Day CHG~0.00%
Published-13 Feb, 2014 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sametimen/a
CVE-2017-1695
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.16% / 37.20%
||
7 Day CHG~0.00%
Published-15 Feb, 2019 | 20:00
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2006-4137
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.48% / 64.34%
||
7 Day CHG~0.00%
Published-14 Aug, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CVE-2013-3001
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.64%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 18:00
Updated-06 Aug, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_data_replication_dashboardn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2006-4681
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.98% / 91.06%
||
7 Day CHG-1.15%
Published-11 Sep, 2006 | 17:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter.

Action-Not Available
Vendor-n/aIBM Corporation
Product-directorn/a
CVE-2013-2954
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.25% / 48.48%
||
7 Day CHG~0.00%
Published-27 May, 2013 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_optim_data_growth_for_oracle_e-business_suiten/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-3018
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.54%
||
7 Day CHG~0.00%
Published-24 May, 2018 | 21:00
Updated-06 Aug, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_application_dependency_discovery_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-4061
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-59.88% / 98.19%
||
7 Day CHG~0.00%
Published-27 Feb, 2019 | 22:00
Updated-17 Sep, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869.

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_platformBigFix Platform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 18
  • 19
  • Next
Details not found