Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-4498

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-27 Jul, 2020 | 13:31
Updated At-17 Sep, 2024 | 03:33
Rejected At-
Credits

IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:27 Jul, 2020 | 13:31
Updated At:17 Sep, 2024 | 03:33
Rejected At:
▼CVE Numbering Authority (CNA)

IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118.

Affected Products
Vendor
IBM CorporationIBM
Product
MQ Appliance
Versions
Affected
  • 9.1.0.0
  • 9.1.0.1
  • 9.1.1
  • 9.1.0.2
  • 9.1.2
  • 9.1.0.3
  • 9.1.3
  • 9.1.0.4
  • 9.1.4
  • 9.1.0.5
  • 9.1.5
Problem Types
TypeCWE IDDescription
textN/AObtain Information
Type: text
CWE ID: N/A
Description: Obtain Information
Metrics
VersionBase scoreBase severityVector
3.04.1MEDIUM
CVSS:3.0/AC:H/AV:L/A:N/S:U/UI:N/PR:H/I:N/C:H/RC:C/RL:O/E:U
Version: 3.0
Base score: 4.1
Base severity: MEDIUM
Vector:
CVSS:3.0/AC:H/AV:L/A:N/S:U/UI:N/PR:H/I:N/C:H/RC:C/RL:O/E:U
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6252409
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/182118
vdb-entry
x_refsource_XF
Hyperlink: https://www.ibm.com/support/pages/node/6252409
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/182118
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6252409
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/182118
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/6252409
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/182118
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:27 Jul, 2020 | 14:15
Updated At:21 Jul, 2021 | 11:39

IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Secondary3.04.1MEDIUM
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 4.1
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>mq_appliance>>Versions from 9.1.0.0(inclusive) to 9.1.0.6(exclusive)
cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*
IBM Corporation
ibm
>>mq_appliance>>Versions from 9.1.0.0(inclusive) to 9.2.0.0(exclusive)
cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*
Weaknesses
CWE IDTypeSource
CWE-532Primarynvd@nist.gov
CWE ID: CWE-532
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/182118psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6252409psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/182118
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/6252409
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

533Records found
CVE-2019-4309
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 28.94%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 23:36
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_big_data_intelligenceSecurity Guardium Big Data Intelligence
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-4676
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 26.23%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 14:25
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_manager_virtual_applianceSecurity Identity Manager Virtual Appliance
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-4420
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 15.68%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 18:25
Updated-17 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.

Action-Not Available
Vendor-IBM Corporation
Product-intelligent_operations_center_for_emergency_managementwater_operations_for_waternamicsintelligent_operations_centerIntelligent Operations Center
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-35013
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.3||LOW
EPSS-0.02% / 4.82%
||
7 Day CHG~0.00%
Published-15 Oct, 2023 | 23:43
Updated-16 Sep, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Governance information disclosure

IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_governanceSecurity Verify Governance
CWE ID-CWE-540
Inclusion of Sensitive Information in Source Code
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2011-5066
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-15 Jan, 2012 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-3894
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.06% / 17.89%
||
7 Day CHG~0.00%
Published-03 Sep, 2008 | 14:00
Updated-07 Aug, 2024 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lenovo_7cetb5wwn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1621
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 16.56%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-45638
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.01% / 0.82%
||
7 Day CHG~0.00%
Published-14 Mar, 2025 | 14:49
Updated-16 Jul, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar EDR information disclosure

IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-security_qradar_edrlinux_kernelQRadar EDR
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2018-1962
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.05% / 13.64%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 21:00
Updated-16 Sep, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_managerSecurity Identity Manager
CWE ID-CWE-384
Session Fixation
CVE-2018-1993
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.06% / 17.95%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 17:00
Updated-16 Sep, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-22366
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.41%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 18:00
Updated-16 Sep, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-2005
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.03% / 7.16%
||
7 Day CHG~0.00%
Published-20 May, 2019 | 17:25
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_platformBigFix Platform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-22414
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.86%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 16:25
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsrobotic_process_automationRobotic Process Automation
CVE-2018-1957
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.07% / 21.94%
||
7 Day CHG~0.00%
Published-10 Dec, 2018 | 14:00
Updated-16 Sep, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. IBM X-Force ID: 153629.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-22457
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 0.55%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 21:20
Updated-15 Apr, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Governance, Identity Manager information disclosure

IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-security_verify_governancelinux_kernelSecurity Verify Governance, Identity Manager
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-1937
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 5.69%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 18:00
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_privateCloud Private
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2018-1843
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.05% / 14.01%
||
7 Day CHG~0.00%
Published-21 Nov, 2018 | 15:00
Updated-16 Sep, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903

Action-Not Available
Vendor-IBM Corporation
Product-cloud_privateCloud Private
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1877
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 2.69%
||
7 Day CHG~0.00%
Published-02 Nov, 2018 | 15:00
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automation_with_automation_anywhereRobotic Process Automation with Automation Anywhere
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-1874
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-02 Apr, 2019 | 13:20
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1841
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 15.89%
||
7 Day CHG~0.00%
Published-19 Nov, 2018 | 14:00
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_privateCloud Private
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1664
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 11.98%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 16:00
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower GatewaysDataPower Gateway CD
CVE-2018-1725
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.2||LOW
EPSS-0.06% / 16.93%
||
7 Day CHG~0.00%
Published-05 Nov, 2020 | 16:45
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CVE-2018-1655
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.07% / 21.04%
||
7 Day CHG~0.00%
Published-22 Jun, 2018 | 14:00
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.

Action-Not Available
Vendor-IBM Corporation
Product-aixAIX
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1623
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.08% / 25.56%
||
7 Day CHG~0.00%
Published-02 Apr, 2019 | 13:20
Updated-17 Sep, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408.

Action-Not Available
Vendor-IBM Corporation
Product-security_privileged_identity_managerSecurity Privileged Identity Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1564
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 13.44%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 16:00
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1650
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-05 Dec, 2018 | 17:00
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_incident_forensicsQRadar SIEM
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-1505
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 11.69%
||
7 Day CHG~0.00%
Published-06 Dec, 2018 | 14:00
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413.

Action-Not Available
Vendor-IBM Corporation
Product-i2_enterprise_insight_analysisi2 Enterprise Insight Analysis
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1498
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 12.70%
||
7 Day CHG~0.00%
Published-02 Oct, 2018 | 15:00
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-1518
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.95%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 16:00
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_server_on_cloudinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1377
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.88%
||
7 Day CHG~0.00%
Published-26 Feb, 2018 | 14:00
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 137778.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_big_data_intelligenceSecurity Guardium Big Data Intelligence
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-39077
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.80%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-23 Jul, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium information disclosure

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-38949
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 16.54%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 16:55
Updated-17 Sep, 2024 | 00:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelihp-uxwebsphere_mqwindowsmqaixMQ
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-38999
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.86%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 16:45
Updated-17 Sep, 2024 | 02:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-38863
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.23%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 16:05
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_bridgeSecurity Verify Bridge
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2005-0261
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.07% / 21.81%
||
7 Day CHG~0.00%
Published-10 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2021-39000
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.68%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 16:45
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-39078
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.04% / 9.54%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 16:15
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-38976
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 9.95%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelsecurity_guardium_key_lifecycle_managerwindowssecurity_key_lifecycle_manageraixSecurity Key Lifecycle Manager
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1784
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 36.57%
||
7 Day CHG~0.00%
Published-29 Jan, 2018 | 16:00
Updated-16 Sep, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1779
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.89%
||
7 Day CHG~0.00%
Published-29 Jan, 2018 | 16:00
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1787
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 10.52%
||
7 Day CHG~0.00%
Published-02 Mar, 2018 | 17:00
Updated-25 Mar, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_lifecycle_optimization_-_publishingRational Publishing Engine
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2017-1681
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.12% / 31.69%
||
7 Day CHG~0.00%
Published-11 Jan, 2018 | 17:00
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003.

Action-Not Available
Vendor-IBM Corporation
Product-libertyLiberty for Java for Bluemix
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1716
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.04% / 10.26%
||
7 Day CHG~0.00%
Published-13 Dec, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_workload_schedulerTivoli Workload Scheduler
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2017-1756
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.11% / 30.21%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 16:00
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.

Action-Not Available
Vendor-IBM Corporation
Product-business_process_manager_enterprise_service_busbusiness_process_managerwebsphereBusiness Process Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1679
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.63%
||
7 Day CHG~0.00%
Published-10 Sep, 2018 | 14:00
Updated-16 Sep, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.

Action-Not Available
Vendor-IBM Corporation
Product-openpages_grc_platformOpenPages GRC Platform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-29904
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.99%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 18:05
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelaixwindowsjazz_for_service_managementJazz for Service Management
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-22312
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.54%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 15:41
Updated-10 Jun, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Defender - Resiliency Service information disclosure

IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.

Action-Not Available
Vendor-IBM Corporation
Product-storage_defender_resiliency_serviceStorage Defender - Resiliency Service
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1595
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.14%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1575
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 4.41%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 16:00
Updated-16 Sep, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_file_gatewaySterling File Gateway
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29860
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 14:00
Updated-17 Sep, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosVIOSAIX
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 10
  • 11
  • Next
Details not found