Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-39009

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-01 Sep, 2022 | 19:00
Updated At-17 Sep, 2024 | 04:10
Rejected At-
Credits

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:01 Sep, 2022 | 19:00
Updated At:17 Sep, 2024 | 04:10
Rejected At:
▼CVE Numbering Authority (CNA)

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.

Affected Products
Vendor
IBM CorporationIBM
Product
Cognos Analytics
Versions
Affected
  • 11.2.0
  • 11.1.7
  • 11.2.1
Problem Types
TypeCWE IDDescription
textN/AObtain Information
Type: text
CWE ID: N/A
Description: Obtain Information
Metrics
VersionBase scoreBase severityVector
3.04.4MEDIUM
CVSS:3.0/C:H/AV:L/AC:L/I:N/S:U/A:N/UI:N/PR:H/RL:O/E:U/RC:C
Version: 3.0
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.0/C:H/AV:L/AC:L/I:N/S:U/A:N/UI:N/PR:H/RL:O/E:U/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6615285
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/213554
vdb-entry
https://security.netapp.com/advisory/ntap-20221014-0005/
N/A
Hyperlink: https://www.ibm.com/support/pages/node/6615285
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/213554
Resource:
vdb-entry
Hyperlink: https://security.netapp.com/advisory/ntap-20221014-0005/
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6615285
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/213554
vdb-entry
x_transferred
https://security.netapp.com/advisory/ntap-20221014-0005/
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/6615285
Resource:
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/213554
Resource:
vdb-entry
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20221014-0005/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:01 Sep, 2022 | 19:15
Updated At:03 Nov, 2022 | 19:00

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.04.4MEDIUM
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>cognos_analytics>>Versions from 11.1.0(inclusive) to 11.1.7(exclusive)
cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>cognos_analytics>>Versions from 11.2.0(inclusive) to 11.2.3(exclusive)
cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>cognos_analytics>>11.1.7
cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*
IBM Corporation
ibm
>>cognos_analytics>>11.1.7
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:*:*:*:*:*:*
IBM Corporation
ibm
>>cognos_analytics>>11.1.7
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:*:*:*:*:*:*
IBM Corporation
ibm
>>cognos_analytics>>11.1.7
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:*:*:*:*:*:*
IBM Corporation
ibm
>>cognos_analytics>>11.1.7
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_insight>>-
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-312Primarynvd@nist.gov
CWE ID: CWE-312
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/213554psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://security.netapp.com/advisory/ntap-20221014-0005/psirt@us.ibm.com
Third Party Advisory
https://www.ibm.com/support/pages/node/6615285psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/213554
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20221014-0005/
Source: psirt@us.ibm.com
Resource:
Third Party Advisory
Hyperlink: https://www.ibm.com/support/pages/node/6615285
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

289Records found
CVE-2024-25024
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.18%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 02:42
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Suite Software information disclosure

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_suitecloud_pak_for_securityCloud Pak for SecurityQRadar Suite Software
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-25023
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.41%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 23:58
Updated-21 Sep, 2024 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Suite Software information disclosure

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityqradar_suiteCloud Pak for SecurityQRadar Suite Software
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2015-1931
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.86%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 18:42
Updated-06 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.

Action-Not Available
Vendor-n/aRed Hat, Inc.IBM CorporationSUSE
Product-enterprise_linux_serverlinux_enterprise_software_development_kitlinux_enterprise_serverenterprise_linux_workstationenterprise_linux_eussatelliteenterprise_linux_desktopjava_sdkn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-10727
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 23.10%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 15:38
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.

Action-Not Available
Vendor-Red Hat, Inc.NetApp, Inc.The Apache Software Foundation
Product-activemq_artemisoncommand_workflow_automationActiveMQ Artemis
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-20408
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.12%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 16:35
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-1621
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 16.52%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2023-31002
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 0.37%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 16:13
Updated-03 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Container information disclosure

IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_manager_containerSecurity Verify Access DockerSecurity Verify Access Appliance
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4224
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.04% / 12.94%
||
7 Day CHG~0.00%
Published-03 Feb, 2020 | 16:45
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133.

Action-Not Available
Vendor-IBM Corporation
Product-storediqStoredIQ
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4884
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.12%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 16:00
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-22470
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.01% / 0.46%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 16:39
Updated-10 Apr, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Governance information disclosure

IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_governanceSecurity Verify Governance
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-22478
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 2.67%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 16:25
Updated-16 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.Apple Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelhp-uxwindowsspectrum_protect_clientmacosaixSpectrum Protect Client
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-23234
Matching Score-10
Assigner-NetApp, Inc.
ShareView Details
Matching Score-10
Assigner-NetApp, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.04%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:12
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-snapcenterSnapCenter
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-22484
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 3.12%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 16:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixspectrum_protectwindowslinux_kernelSpectrum Protect Operations Center
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-22367
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.02% / 2.81%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 18:00
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-4566
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.84%
||
7 Day CHG~0.00%
Published-24 Sep, 2019 | 13:50
Updated-16 Sep, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-38949
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 16.50%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 16:55
Updated-17 Sep, 2024 | 00:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelihp-uxwebsphere_mqwindowsmqaixMQ
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2023-24964
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.82%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 16:35
Updated-12 Mar, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2023-22878
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.82%
||
7 Day CHG~0.00%
Published-19 May, 2023 | 15:53
Updated-21 Jan, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-29904
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.95%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 18:05
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelaixwindowsjazz_for_service_managementJazz for Service Management
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4369
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 5.16%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 20:30
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.

Action-Not Available
Vendor-IBM Corporation
Product-verify_gatewayVerify Gateway (IVG)
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4944
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 3.95%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 16:00
Updated-17 Sep, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-38863
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.20%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 16:05
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_bridgeSecurity Verify Bridge
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-27277
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.36%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 17:07
Updated-14 Feb, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Protect Plus Server information disclosure

The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205.

Action-Not Available
Vendor-IBM Corporation
Product-storage_protect_plusStorage Protect Plus Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-39000
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.68%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 16:45
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-5496
Matching Score-8
Assigner-NetApp, Inc.
ShareView Details
Matching Score-8
Assigner-NetApp, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.17% / 39.14%
||
7 Day CHG~0.00%
Published-04 Dec, 2018 | 20:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.

Action-Not Available
Vendor-NetApp, Inc.
Product-data_ontapData ONTAP operating in 7-Mode
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-5497
Matching Score-8
Assigner-NetApp, Inc.
ShareView Details
Matching Score-8
Assigner-NetApp, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 20:00
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.

Action-Not Available
Vendor-NetApp, Inc.
Product-clustered_data_ontapClustered Data ONTAP
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-39045
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.07% / 22.13%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 19:00
Updated-16 Sep, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-0482
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.45%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

Action-Not Available
Vendor-n/aNetApp, Inc.Red Hat, Inc.
Product-oncommand_workflow_automationresteasyactive_iq_unified_managerRESTEasy
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CVE-2021-38976
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 9.88%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelsecurity_guardium_key_lifecycle_managerwindowssecurity_key_lifecycle_manageraixSecurity Key Lifecycle Manager
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-38999
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.80%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 16:45
Updated-17 Sep, 2024 | 02:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-25027
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.49%
||
7 Day CHG+0.01%
Published-31 Mar, 2024 | 11:40
Updated-01 Aug, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access Container information disclosure

IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access Docker
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2024-25030
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.73%
||
7 Day CHG+0.01%
Published-03 Apr, 2024 | 12:14
Updated-13 Feb, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-0371
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 32.37%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.Apple Inc.IBM CorporationMicrosoft Corporation
Product-tivoli_storage_manageraixsolarismac_os_xlinux_kernelhp-uxwindowsTivoli Storage Manager
CVE-2021-38901
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.80%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 18:35
Updated-17 Sep, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_operations_centerSpectrum Protect Operations Center
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-22335
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 6.43%
||
7 Day CHG~0.00%
Published-17 Feb, 2024 | 15:32
Updated-04 Dec, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Suite information disclosure

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityqradar_suiteCloud Pak for SecurityQRadar Suite Software
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-22312
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.50%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 15:41
Updated-10 Jun, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Defender - Resiliency Service information disclosure

IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.

Action-Not Available
Vendor-IBM Corporation
Product-storage_defender_resiliency_serviceStorage Defender - Resiliency Service
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-22338
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 10.18%
||
7 Day CHG~0.00%
Published-31 May, 2024 | 10:36
Updated-14 Aug, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access OIDC Provider information disclosure

IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_oidc_providerSecurity Verify Access OIDC Provider
CWE ID-CWE-20
Improper Input Validation
CVE-2024-22352
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.61%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 18:51
Updated-01 Aug, 2024 | 22:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-27315
Matching Score-8
Assigner-NetApp, Inc.
ShareView Details
Matching Score-8
Assigner-NetApp, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.95%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 13:56
Updated-18 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure Vulnerability in SnapGathers

SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials

Action-Not Available
Vendor-NetApp, Inc.
Product-snapgathersSnapGathers
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2015-7462
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.51%
||
7 Day CHG~0.00%
Published-19 Jun, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_mqn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1937
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 5.63%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 18:00
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_privateCloud Private
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2015-5013
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.73%
||
7 Day CHG~0.00%
Published-08 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_manager_for_mobile_appliancesecurity_access_manager_for_mobilesecurity_access_manager_for_web_8.0_firmwaresecurity_access_manager_for_web_appliancesecurity_access_manager_9.0security_access_manager_9.0_firmwareAccess Manager
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-1788
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.09% / 26.14%
||
7 Day CHG~0.00%
Published-02 Nov, 2018 | 15:00
Updated-16 Sep, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_serverSpectrum Protect
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-50945
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 2.74%
||
7 Day CHG~0.00%
Published-26 Jan, 2025 | 15:43
Updated-11 Mar, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Common Licensing information disclosure

IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixcommon_licensinglinux_kernelwindowsCommon Licensing
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-33117
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.62%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:36
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel Corporation
Product-xeon_gold_6330hxeon_platinum_8358pxeon_gold_6348xeon_gold_6338xeon_gold_5315yxeon_gold_6354xeon_gold_6342xeon_platinum_8368qxeon_platinum_8352vbiosxeon_platinum_8360hlxeon_platinum_8380xeon_silver_4316xeon_platinum_8358xeon_gold_5318yxeon_platinum_8368xeon_gold_5320hxeon_gold_6312uxeon_platinum_8353hxeon_silver_4310xeon_silver_4310txeon_gold_6338nxeon_platinum_8360yxeon_gold_6330nxeon_platinum_8380hlxeon_gold_5318hxeon_gold_6328hlxeon_platinum_8352yxeon_platinum_8380hxeon_platinum_8376hxeon_gold_5317xeon_gold_6336yxeon_gold_5318nxeon_gold_6330xeon_gold_6346xeon_gold_5318sxeon_gold_6338txeon_silver_4314xeon_platinum_8352mfas\/aff_biosxeon_platinum_8354hxeon_silver_4309yxeon_gold_6348hxeon_gold_6328hxeon_platinum_8356hxeon_platinum_8376hlxeon_gold_6314uxeon_platinum_8352sxeon_gold_6334xeon_platinum_8360hxeon_gold_6326xeon_gold_5320xeon_platinum_8351nxeon_platinum_8362xeon_gold_5320tIntel(R) Xeon(R) Scalable Processors
CVE-2023-47722
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 2.53%
||
7 Day CHG~0.00%
Published-09 Dec, 2023 | 02:32
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM API Connect information disclosure

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-47745
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.80%
||
7 Day CHG~0.00%
Published-03 Mar, 2024 | 11:56
Updated-23 Dec, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ Container information disclosure

IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638.

Action-Not Available
Vendor-IBM Corporation
Product-mq_operatorMQ Operator
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-29759
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 12.93%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 16:30
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_enterprise_certified_containerApp Connect Enterprise Certified Container
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-33013
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 1.73%
||
7 Day CHG-0.00%
Published-24 Jul, 2025 | 14:55
Updated-22 Aug, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ Operator information disclosure

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.

Action-Not Available
Vendor-IBM Corporation
Product-supplied_mq_advanced_container_imagesmq_operatorMQ Operator
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CWE ID-CWE-244
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CVE-2021-29868
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 8.61%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 16:05
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213.

Action-Not Available
Vendor-IBM Corporation
Product-i2_ibasei2 iBase
CWE ID-CWE-613
Insufficient Session Expiration
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found