Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-4446

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-06 May, 2020 | 13:45
Updated At-16 Sep, 2024 | 20:06
Rejected At-
Credits

IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:06 May, 2020 | 13:45
Updated At:16 Sep, 2024 | 20:06
Rejected At:
▼CVE Numbering Authority (CNA)

IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126.

Affected Products
Vendor
IBM CorporationIBM
Product
Business Process Manager Standard
Versions
Affected
  • 8.5.5
  • 8.5.7.CF201706
  • 8.5.7.CF201703
  • 8.5.7.CF201612
  • 8.5.7.CF201609
  • 8.5.7.CF201606
  • 8.5.7
  • 8.5.6.2
  • 8.5.6.1
  • 8.5.6
  • 8.6
  • 8.5.0.2
  • 8.5.0.1
  • 8.5
  • 8.0.1.3
  • 8.0.1.2
  • 8.0.1.1
  • 8.0.1
  • 8.0
Vendor
IBM CorporationIBM
Product
Business Automation Workflow
Versions
Affected
  • 18.0.0.0
  • 19.0.0.1
Problem Types
TypeCWE IDDescription
textN/ABypass Security
Type: text
CWE ID: N/A
Description: Bypass Security
Metrics
VersionBase scoreBase severityVector
3.04.3MEDIUM
CVSS:3.0/I:N/AV:N/A:N/UI:N/PR:L/S:U/C:L/AC:L/RC:C/E:U/RL:O
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/I:N/AV:N/A:N/UI:N/PR:L/S:U/C:L/AC:L/RC:C/E:U/RL:O
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6205805
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/181126
vdb-entry
x_refsource_XF
Hyperlink: https://www.ibm.com/support/pages/node/6205805
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/181126
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6205805
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/181126
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/6205805
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/181126
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:06 May, 2020 | 14:15
Updated At:08 May, 2020 | 20:59

IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Secondary3.04.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>business_automation_workflow>>Versions from 18.0.0.0(inclusive) to 18.0.0.2(inclusive)
cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>business_automation_workflow>>Versions from 19.0.0.1(inclusive) to 19.0.0.3(inclusive)
cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>business_process_manager>>Versions from 8.0.0.0(inclusive) to 8.0.1.3(inclusive)
cpe:2.3:a:ibm:business_process_manager:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>business_process_manager>>Versions from 8.5.0.0(inclusive) to 8.5.7.0(inclusive)
cpe:2.3:a:ibm:business_process_manager:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>business_process_manager>>8.6.0.0
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-863Primarynvd@nist.gov
CWE ID: CWE-863
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/181126psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6205805psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/181126
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/6205805
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

752Records found
CVE-2020-4361
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.57%
||
7 Day CHG~0.00%
Published-20 Jul, 2020 | 14:05
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4189
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.31%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 16:35
Updated-17 Sep, 2024 | 03:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4786
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.24%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 16:35
Updated-16 Sep, 2024 | 23:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4365
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.23%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4203
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.27% / 49.84%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 13:40
Updated-16 Sep, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateway
CVE-2020-4732
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.70%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 20:40
Updated-17 Sep, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerengineering_test_managementrational_quality_managerengineering_lifecycle_optimization_-_publishingremovable_media_managerengineering_lifecycle_optimization_-_engineering_insightscollaborative_lifecycle_managementengineering_lifecycle_managementRational Quality ManagerRational DOORS Next GenerationRational Rhapsody Model ManagerRational Collaborative Lifecycle ManagementEngineering Lifecycle OptimizationRational Engineering Lifecycle ManagerEngineering Test Management
CVE-2020-4687
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.55%
||
7 Day CHG~0.00%
Published-20 Aug, 2020 | 15:55
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-content_navigatorwindowsaixlinux_kernelContent Navigator
CVE-2020-4357
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 29.05%
||
7 Day CHG~0.00%
Published-27 May, 2020 | 13:15
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4487
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.39%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 20:40
Updated-16 Sep, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerengineering_test_managementrational_quality_managerengineering_insightsrational_team_concertengineering_workflow_managementreference_data_managementdoors_nextcollaborative_lifecycle_managementengineering_lifecycle_managementrational_rhapsody_design_managerrhapsody_model_managerRational Quality ManagerRational DOORS Next GenerationRational Rhapsody Model ManagerEngineering Workflow ManagementRational Rhapsody Design ManagerRational Collaborative Lifecycle ManagementEngineering Lifecycle OptimizationRational Engineering Lifecycle ManagerEngineering Test ManagementRational Team Concert
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4646
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.55%
||
7 Day CHG~0.00%
Published-19 May, 2021 | 19:40
Updated-17 Sep, 2024 | 02:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they shoiuld not have access to due to improper authorization control.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CVE-2020-4671
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.49%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 16:40
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-4674
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.49%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 14:45
Updated-17 Sep, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287.

Action-Not Available
Vendor-IBM Corporation
Product-workload_automationWorkload Automation
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2020-4477
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.45%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 13:25
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-4842
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.16% / 36.95%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 18:05
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_secret_serverSecurity Secret Server
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-49877
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 13.93%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 20:36
Updated-02 Aug, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM System Storage Virtualization Engine information disclosure

IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface. IBM X-Force ID: 272651.

Action-Not Available
Vendor-IBM Corporation
Product-virtualization_engine_ts7760_3957-vecvirtualization_engine_ts7770_3957-ved_firmwarevirtualization_engine_ts7770_3948-vedvirtualization_engine_ts7760_3957-vec_firmwarevirtualization_engine_ts7770_3957-vedvirtualization_engine_ts7770_3948-ved_firmwareSystem Storage Virtualization Engine
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4696
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.74%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 15:30
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityCloud Pak for Security
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2020-4667
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.95%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 14:45
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_requirements_quality_assistant_on-premisesEngineering Requirements Quality Assistant
CWE ID-CWE-20
Improper Input Validation
CVE-2020-4484
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.55%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 13:40
Updated-17 Sep, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CVE-2020-4782
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.42% / 60.87%
||
7 Day CHG~0.00%
Published-28 Oct, 2020 | 16:15
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-4673
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.90%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 14:45
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286.

Action-Not Available
Vendor-IBM Corporation
Product-workload_automationWorkload Automation
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2020-4299
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.56%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarissterling_file_gatewaylinux_kernelihp-uxwindowsaixSterling B2B Integrator
CVE-2020-4430
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-55.16% / 97.97%
||
7 Day CHG~0.00%
Published-07 May, 2020 | 19:20
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk ManagerData Risk Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5026
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.69%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 21:28
Updated-05 Mar, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_managerFinancial Transaction Manager
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4260
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.12% / 31.28%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 15:35
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CVE-2020-4475
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.47%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 16:40
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CVE-2022-22353
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.82%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 17:00
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.

Action-Not Available
Vendor-clouderaIBM Corporation
Product-big_sqldata_platformcloud_pak_for_dataBig SQL on Cloud Pak for Data
CVE-2020-4883
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.56%
||
7 Day CHG~0.00%
Published-05 May, 2021 | 15:45
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about other domains which could be used in further attacks against the system. IBM X-Force ID: 190907.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CVE-2020-4868
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.50%
||
7 Day CHG~0.00%
Published-31 Jul, 2023 | 01:37
Updated-11 Oct, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TRIRIGA information disclosure

IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.

Action-Not Available
Vendor-IBM Corporation
Product-tririga_application_platformTRIRIGA Application Platform
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4566
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.49%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 16:40
Updated-17 Sep, 2024 | 03:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CVE-2022-22441
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.65%
||
7 Day CHG~0.00%
Published-28 Apr, 2022 | 16:10
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CVE-2020-4789
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 57.89%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 16:35
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-4678
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:20
Updated-17 Sep, 2024 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CVE-2020-4654
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.31% / 53.81%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 17:20
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_file_gatewaySterling File Gateway
CVE-2020-4843
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 28.14%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 18:05
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_secret_serverSecurity Secret Server
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4941
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.49%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 17:10
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941.

Action-Not Available
Vendor-IBM Corporation
Product-edge_application_managerEdge
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4544
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.39%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 20:40
Updated-17 Sep, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerengineering_test_managementrational_quality_managerengineering_insightsrational_team_concertengineering_workflow_managementreference_data_managementdoors_nextcollaborative_lifecycle_managementengineering_lifecycle_managementrational_rhapsody_design_managerrhapsody_model_managerRational Quality ManagerRational DOORS Next GenerationRational Rhapsody Model ManagerEngineering Workflow ManagementRational Rhapsody Design ManagerRational Collaborative Lifecycle ManagementEngineering Lifecycle OptimizationRational Engineering Lifecycle ManagerEngineering Test ManagementRational Team Concert
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4989
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.95%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 17:00
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707.

Action-Not Available
Vendor-IBM Corporation
Product-rational_team_concertEngineering Workflow ManagementRational Team Concert
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-22337
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 17:50
Updated-10 Apr, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator Standard Edition information disclosure

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator Standard Edition
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-22334
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.13% / 32.68%
||
7 Day CHG~0.00%
Published-31 Jul, 2022 | 17:30
Updated-17 Sep, 2024 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automationRobotic Process Automation
CVE-2022-22415
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.56%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:00
Updated-17 Sep, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsrobotic_process_automationRobotic Process Automation
CVE-2023-47159
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.66%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 16:04
Updated-27 Jan, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling File Gateway information disclosure

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses.

Action-Not Available
Vendor-IBM Corporation
Product-Sterling File Gateway
CWE ID-CWE-204
Observable Response Discrepancy
CVE-2014-0863
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.20% / 42.46%
||
7 Day CHG~0.00%
Published-05 Sep, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in IBM Cognos TM1 9.5.2.3 before IF5, 10.1.1.2 before IF1, 10.2.0.2 before IF1, and 10.2.2.0 before IF1 stores obfuscated passwords in memory, which allows remote authenticated users to obtain sensitive cleartext information via an unspecified security tool.

Action-Not Available
Vendor-n/aIBM Corporation
Product-cognos_tm1n/a
CVE-2023-46171
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.11%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 20:26
Updated-11 Mar, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM DS8900F information disclosure

IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to view sensitive log information after enumerating filenames. IBM X-Force ID: 269408.

Action-Not Available
Vendor-IBM Corporation
Product-ds8900f_firmwareds8900fDS8900F
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-22391
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.55%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 17:35
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_high-speed_transfer_serveraspera_high-speed_transfer_endpointAspera High-Speed Transfer ServerAspera High-Speed Transfer Endpoint
CVE-2022-22356
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.60%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 16:45
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-22363
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.34%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 16:07
Updated-03 Jul, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-controllerwindowscognos_controllerControllerCognos Controller
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2014-0882
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.17%
||
7 Day CHG~0.00%
Published-25 Apr, 2018 | 20:00
Updated-06 Aug, 2024 | 09:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.

Action-Not Available
Vendor-n/aIBM Corporation
Product-system_x3630_m4flex_system_x220system_x3750_m4nextscale_nx360_m4system_x3250_m4system_x3500_m4system_x3530_m4system_x3100_m4system_x_idataplex_dx360_m4flex_system_x240flex_system_manager_8731integrated_management_module_firmwaresystem_x3650_m4flex_system_manager_7955system_x3550_m4flex_system_x440n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1727
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.55%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 17:00
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2017-1741
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 48.92%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 00:00
Updated-16 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-4581
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.20% / 42.31%
||
7 Day CHG~0.00%
Published-15 Oct, 2008 | 20:00
Updated-07 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view.

Action-Not Available
Vendor-n/aIBM Corporation
Product-enovia_smarteamn/a
CWE ID-CWE-264
Not Available
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 15
  • 16
  • Next
Details not found