Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-33167

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-30 Jul, 2024 | 17:05
Updated At-03 Aug, 2024 | 08:01
Rejected At-
Credits

IBM Security Directory Integrator information disclosure

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:30 Jul, 2024 | 17:05
Updated At:03 Aug, 2024 | 08:01
Rejected At:
▼CVE Numbering Authority (CNA)
IBM Security Directory Integrator information disclosure

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.

Affected Products
Vendor
IBM CorporationIBM
Product
Security Directory Integrator
Default Status
unaffected
Versions
Affected
  • 7.2.0
Vendor
IBM CorporationIBM
Product
Security Verify Directory Integrator
Default Status
unaffected
Versions
Affected
  • 10.0.0
Problem Types
TypeCWE IDDescription
CWECWE-1004CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag
Type: CWE
CWE ID: CWE-1004
Description: CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag
Metrics
VersionBase scoreBase severityVector
3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7161469
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/228587
vdb-entry
Hyperlink: https://www.ibm.com/support/pages/node/7161469
Resource:
vendor-advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/228587
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7161469
vendor-advisory
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/228587
vdb-entry
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/7161469
Resource:
vendor-advisory
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/228587
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:30 Jul, 2024 | 17:15
Updated At:13 Aug, 2024 | 14:29

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>security_directory_integrator>>7.2.0
cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>security_verify_directory_integrator>>10.0.0
cpe:2.3:a:ibm:security_verify_directory_integrator:10.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-732Primarynvd@nist.gov
CWE-1004Secondarypsirt@us.ibm.com
CWE ID: CWE-732
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-1004
Type: Secondary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/228587psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7161469psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/228587
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7161469
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

463Records found
CVE-2022-43845
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.09% / 24.83%
||
7 Day CHG~0.00%
Published-24 Sep, 2024 | 10:11
Updated-26 Sep, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Console information disclosure

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.

Action-Not Available
Vendor-IBM Corporation
Product-Aspera Console
CWE ID-CWE-1004
Sensitive Cookie Without 'HttpOnly' Flag
CVE-2019-4214
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.15% / 35.91%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 15:21
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.

Action-Not Available
Vendor-IBM Corporation
Product-smartcloud_analytics_log_analysisSmartCloud Analytics
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2023-38010
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-04 Feb, 2026 | 20:24
Updated-25 Feb, 2026 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in IBM Cloud Pak System

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.

Action-Not Available
Vendor-IBM Corporation
Product-os_image_for_red_hat_linux_systemscloud_pak_systemOS Image for Red Hat Linux SystemsCloud Pak System
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-33850
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.12%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 20:31
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM GSKit-Crypto information disclosure

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationHP Inc.Linux Kernel Organization, Inc
Product-txseries_for_multiplatformhp-uxwindowsaixcics_txlinux_kernelCICS TX StandardTXSeries for MultiplatformsCICS TX Advancedcics_txtxseries_for_multiplatform
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-33837
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.02% / 5.32%
||
7 Day CHG~0.00%
Published-23 Oct, 2023 | 19:47
Updated-19 Sep, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Governance information disclosure

IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_governanceSecurity Verify Governance
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2023-33835
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.98%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 13:04
Updated-27 Sep, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Information Queue information disclosure

IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-33855
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.07% / 22.27%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 14:04
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Common Cryptographic Architecture information disclosure

Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.

Action-Not Available
Vendor-IBM Corporation
Product-Common Cryptographic Architecture
CWE ID-CWE-385
Covert Timing Channel
CVE-2023-33849
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.15% / 35.33%
||
7 Day CHG+0.10%
Published-07 Jun, 2023 | 21:24
Updated-06 Jan, 2025 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX information disclosure

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.

Action-Not Available
Vendor-HP Inc.IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformslinux_kernelcics_txhp-uxaixCICS TX AdvancedCICS TX StandardTXSeries for Multiplatforms
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2023-33847
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.37% / 59.19%
||
7 Day CHG+0.28%
Published-08 Jun, 2023 | 00:35
Updated-06 Jan, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX information disclosure

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.

Action-Not Available
Vendor-HP Inc.IBM CorporationLinux Kernel Organization, Inc
Product-linux_kerneltxseries_for_multiplatformcics_txhp-uxaixCICS TX AdvancedCICS TX StandardTXSeries for Multiplatforms
CVE-2023-32342
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.35%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 21:03
Updated-09 Jan, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM GSKit information disclosure

IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828.

Action-Not Available
Vendor-IBM Corporation
Product-http_serverGSKit
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-30994
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 8.24%
||
7 Day CHG~0.00%
Published-14 Oct, 2023 | 16:48
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar SIEM information disclosure

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29794
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 24.95%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 16:05
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/impactTivoli Netcool Impact
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-1722
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 15:02
Updated-26 Jan, 2026 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert
CWE ID-CWE-244
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CVE-2023-29259
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.09% / 25.11%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 01:14
Updated-21 Oct, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Connect:Express for UNIX information disclosure

IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-sterling_connect\solarislinux_kernelwindowsaixSterling Connect:Express for UNIX
CVE-2025-1719
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 15:01
Updated-26 Jan, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert
CWE ID-CWE-244
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CVE-2023-27871
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.99%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 14:29
Updated-25 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex information disclosure

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-linux_kernelaspera_faspexAspera Faspex
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-27877
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.41%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 01:31
Updated-28 Oct, 2024 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure

IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_dataPlanning Analytics Cartridge for Cloud Pak for Data
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2025-1759
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 16.97%
||
7 Day CHG~0.00%
Published-18 Aug, 2025 | 13:58
Updated-21 Aug, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software information disclosure

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert Software
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CWE ID-CWE-244
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CVE-2023-27557
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.29%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 01:35
Updated-30 Jan, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Safter Payments information disclosure

IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192.

Action-Not Available
Vendor-IBM Corporation
Product-safer_paymentsSafer Payments
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-27291
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.03% / 9.40%
||
7 Day CHG~0.00%
Published-03 Mar, 2024 | 15:39
Updated-23 Dec, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson CP4D Data Stores information disclosure

IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740.

Action-Not Available
Vendor-IBM Corporation
Product-watson_cp4d_data_storesWatson CP4D Data Stores
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2000-0497
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 73.09%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CVE-2025-1761
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 16.71%
||
7 Day CHG~0.00%
Published-08 Sep, 2025 | 22:13
Updated-17 Sep, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software information disclosure

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert Software
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2025-1721
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 11.17%
||
7 Day CHG+0.01%
Published-26 Dec, 2025 | 12:55
Updated-29 Dec, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BM Concert Software Improper Clearing of Heap Memory Before Release.

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert
CWE ID-CWE-244
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CVE-2021-29737
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.59%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 16:00
Updated-16 Sep, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. IBM X-Force ID: 201301.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-29750
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.29%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 17:55
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201778.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29704
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 24.95%
||
7 Day CHG~0.00%
Published-23 Aug, 2021 | 16:05
Updated-16 Sep, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-resilient_security_orchestration_automation_and_responseSecurity
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29747
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.49% / 66.09%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 17:10
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. IBM X-Force ID: 201775.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CVE-2021-29825
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.30% / 53.63%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 15:50
Updated-16 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.

Action-Not Available
Vendor-opengroupOracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-solarislinux_kerneldb2windowsaixunixDB2 for Linux, UNIX and Windows
CVE-2023-26271
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.07%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:09
Updated-02 Oct, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Data Encryption information disclosure

IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126.

Action-Not Available
Vendor-IBM Corporation
Product-guardium_cloud_key_managerGuardium Cloud Key Manager
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-29688
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 68.70%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 15:10
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-security_identity_managersolarislinux_kernelwindowsaixSecurity Identity Manager
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2025-14480
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 0.87%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 20:41
Updated-05 Mar, 2026 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera faspio Gateway 1.3.7 has addressed a vulnerability affected by weak cryptographic algorithms

IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information

Action-Not Available
Vendor-IBM Corporation
Product-aspera_faspio_gatewayAspera faspio Gateway
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-26026
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 01:36
Updated-25 Oct, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure

Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_dataPlanning Analytics Cartridge for Cloud Pak for Data
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-26023
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 24.77%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 01:34
Updated-21 Oct, 2024 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure

Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_dataSterling Connect:Express for UNIX
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-24960
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 61.76%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 18:26
Updated-12 Mar, 2025 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-20427
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 45.16%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 15:55
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2023-24959
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.07%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:56
Updated-30 Sep, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-14974
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.09% / 25.42%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:20
Updated-28 Mar, 2026 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-13718
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.02% / 6.64%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 18:33
Updated-18 Mar, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Partner Engagement Manager Information Disclosure

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-linux_kernelsterling_partner_engagement_managerSterling Partner Engagement Manager
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-13726
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 17.17%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 18:26
Updated-18 Mar, 2026 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Partner Engagement Manager Information Disclosure

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-linux_kernelsterling_partner_engagement_managerSterling Partner Engagement Manager
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-20407
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 22.78%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 16:35
Updated-17 Sep, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Information Queue information disclosure

IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2023-22862
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 24.76%
||
7 Day CHG~0.00%
Published-04 Jun, 2023 | 23:42
Updated-08 Jan, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera information disclosure

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_cargoaspera_connectAspera ConnectAspera Cargo
CWE ID-CWE-523
Unprotected Transport of Credentials
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-13616
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 19:53
Updated-04 Mar, 2026 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataStage on Cloud Pak for Data is vulnerable to sensitive information leak due to HTTP response

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system.

Action-Not Available
Vendor-IBM Corporation
Product-datastage_on_cloud_pak_for_dataDataStage on Cloud Pak for Data
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2021-20439
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 42.66%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 16:00
Updated-16 Sep, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managersecurity_verify_accessSecurity Access ManagerSecurity Verify Access Docker
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-20479
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 26.59%
||
7 Day CHG~0.00%
Published-09 May, 2022 | 16:35
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_systemCloud Pak System
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-22875
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 24.61%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 18:22
Updated-04 Apr, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security QRadar SIEM information disclosure

IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelSecurity QRadar SIEM
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-13723
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.70%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 18:32
Updated-18 Mar, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Partner Engagement Manager Information Disclosure

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-linux_kernelsterling_partner_engagement_managerSterling Partner Engagement Manager
CWE ID-CWE-324
Use of a Key Past its Expiration Date
CVE-2023-23474
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.05% / 15.31%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 17:15
Updated-07 Jan, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controllercognos_controller
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-20409
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 26.21%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 16:35
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Information Queue information disclosure

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 196188.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-13108
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 10.67%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 19:11
Updated-26 Feb, 2026 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.

Action-Not Available
Vendor-IBM Corporation
Product-db2_merge_backupDB2 Merge Backup for Linux, UNIX and Windows
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CVE-2021-20400
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.29%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 17:05
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CWE ID-CWE-326
Inadequate Encryption Strength
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found