Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-41291

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-07 Oct, 2022 | 17:00
Updated At-16 Sep, 2024 | 18:23
Rejected At-
Credits

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:07 Oct, 2022 | 17:00
Updated At:16 Sep, 2024 | 18:23
Rejected At:
▼CVE Numbering Authority (CNA)

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699.

Affected Products
Vendor
IBM CorporationIBM
Product
InfoSphere Information Server
Versions
Affected
  • 11.7
Problem Types
TypeCWE IDDescription
textN/AGain Access
Type: text
CWE ID: N/A
Description: Gain Access
Metrics
VersionBase scoreBase severityVector
3.06.3MEDIUM
CVSS:3.0/S:U/AC:L/I:L/A:L/UI:N/PR:N/AV:A/C:L/RL:O/E:U/RC:C
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/S:U/AC:L/I:L/A:L/UI:N/PR:N/AV:A/C:L/RL:O/E:U/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6823109
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/236699
vdb-entry
Hyperlink: https://www.ibm.com/support/pages/node/6823109
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/236699
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6823109
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/236699
vdb-entry
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/6823109
Resource:
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/236699
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:07 Oct, 2022 | 17:15
Updated At:09 Oct, 2022 | 02:40

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Secondary3.06.3MEDIUM
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
IBM Corporation
ibm
>>aix>>-
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>infosphere_information_server>>11.7
cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-613Primarynvd@nist.gov
CWE ID: CWE-613
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/236699psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6823109psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/236699
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/6823109
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

126Records found
CVE-2024-38315
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 15:05
Updated-20 Sep, 2024 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Shares session fixation

IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_sharesAspera Shares
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2022-40230
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.29%
||
7 Day CHG-0.06%
Published-03 Nov, 2022 | 00:00
Updated-02 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532."

Action-Not Available
Vendor-n/aIBM Corporation
Product-mq_applianceIBM MQ Appliance
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2022-22371
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.95%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 17:31
Updated-10 Apr, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator Standard Edition session fixation

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-sterling_b2b_integratoraixwindowslinux_kernelSterling B2B Integrator Standard Edition
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2025-36063
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 7.00%
||
7 Day CHG-0.01%
Published-20 Jan, 2026 | 15:10
Updated-05 Feb, 2026 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_connect\Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2025-36040
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.98%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 23:48
Updated-06 Aug, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex session fixation

IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_faspexAspera Faspex
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2021-20473
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 25.37%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 18:05
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_file_gatewaySterling File Gateway
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2024-45651
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.13% / 32.97%
||
7 Day CHG+0.09%
Published-18 Apr, 2025 | 11:04
Updated-01 Sep, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Connect:Direct Web Services session fixation

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.

Action-Not Available
Vendor-Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-sterling_connect_direct_web_serviceslinux_kernelaixwindowsSterling Connect:Direct Web Services
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2025-36065
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 7.00%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 15:12
Updated-03 Feb, 2026 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_connect\Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2023-40376
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.66%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 13:46
Updated-19 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM UrbanCode Deploy (UCD) improper authentication controls

IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2023-40363
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.04% / 10.75%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 17:14
Updated-21 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server privilege escalation

IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-47726
Matching Score-8
Assigner-kernel.org
ShareView Details
Matching Score-8
Assigner-kernel.org
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.25%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 12:13
Updated-03 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
f2fs: fix to wait dio completion

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CVE-2023-38263
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.21%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 03:33
Updated-02 Aug, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM SOAR QRadar Plugin App improper access controls

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577.

Action-Not Available
Vendor-IBM Corporation
Product-soar_qradar_plugin_appSOAR QRadar Plugin App
CWE ID-CWE-284
Improper Access Control
CVE-2023-38370
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.33%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 18:27
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Docker information disclosure

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managerSecurity Access Manager Docker
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-36871
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.19%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-01 Jan, 2025 | 01:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Active Directory Security Feature Bypass Vulnerability

Azure Active Directory Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows Server 2016
CVE-2023-35348
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.63%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Directory Federation Service Security Feature Bypass Vulnerability

Active Directory Federation Service Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2016
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-4348
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.31%
||
7 Day CHG~0.00%
Published-27 May, 2020 | 13:15
Updated-16 Sep, 2024 | 22:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-862
Missing Authorization
CVE-2020-4592
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.13%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 17:20
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CVE-2020-4648
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.10%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 12:35
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CVE-2021-40460
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.30% / 79.40%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:26
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability

Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2023-33142
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.45% / 80.46%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-28 Feb, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Elevation of Privilege Vulnerability

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-285
Improper Authorization
CVE-2019-1330
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-10.73% / 93.16%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CVE-2019-1260
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-10.73% / 93.16%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CVE-2019-0757
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.39% / 89.90%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 01:51
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.

Action-Not Available
Vendor-mono-projectRed Hat, Inc.Microsoft CorporationApple Inc.
Product-.net_core_sdkenterprise_linux_server_ausmono_frameworkenterprise_linuxenterprise_linux_eusmacosnuget.net_coreenterprise_linux_server_tusvisual_studio_2017Microsoft Visual Studio.NET Core SDKMono FrameworkNuget
CVE-2018-8654
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-6.62% / 90.99%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 20:50
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365 (on-premises) version 8
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-39017
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 16:15
Updated-25 Mar, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-engineering_lifecycle_optimization_-_publishingengineering_lifecycle_optimization_publishingwindowslinux_kernelEngineering Lifecycle Optimization Publishing
CVE-2025-25005
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.49%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Tampering Vulnerability

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server Subscription Edition RTMMicrosoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2019 Cumulative Update 15
CWE ID-CWE-20
Improper Input Validation
CVE-2022-46774
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.21%
||
7 Day CHG~0.00%
Published-15 Mar, 2023 | 18:21
Updated-26 Feb, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Manage Application security bypass

IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953.

Action-Not Available
Vendor-IBM Corporation
Product-manage_applicationmaximo_application_suiteManage Application
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-48802
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.73%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Server Spoofing Vulnerability

Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2022windows_server_2022_23h2windows_11_22h2Windows Server 2022Windows 11 Version 23H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-46773
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 6.12%
||
7 Day CHG~0.00%
Published-15 Mar, 2023 | 19:57
Updated-26 Feb, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation security bypass

IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automationrobotic_process_automation_as_a_servicerobotic_process_automation_for_cloud_pakRobotic Process Automation
CWE ID-CWE-287
Improper Authentication
CVE-2025-60722
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.84%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-13 Feb, 2026 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OneDrive for Android Elevation of Privilege Vulnerability

Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-onedriveOneDrive for Android
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-20812
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LDAP Tampering Vulnerability

Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_11_23h2windows_11_25h2Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 21H2Windows 11 Version 25H2
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43883
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.02%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 20:47
Updated-16 Apr, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics data manipulation

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_analyticsCognos Analytics
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2018-21033
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.11% / 29.99%
||
7 Day CHG~0.00%
Published-14 Feb, 2020 | 15:51
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.

Action-Not Available
Vendor-n/aOracle CorporationLinux Kernel Organization, IncHitachi, Ltd.Microsoft Corporation
Product-solarislinux_kernelinfrastructure_analytics_advisorcompute_systems_managerglobal_link_managerautomation_directorwindowstuning_managerreplication_managerdevice_managertiered_storage_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33637
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 68.19%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for Endpoint Tampering Vulnerability

Microsoft Defender for Endpoint Tampering Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_endpointMicrosoft Defender for Endpoint for Linux
CVE-2022-34334
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 27.03%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 20:43
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_partner_engagement_managerSterling Partner Engagement Manager
CWE ID-CWE-384
Session Fixation
CVE-2021-38624
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 59.64%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Key Storage Provider Security Feature Bypass Vulnerability

Windows Key Storage Provider Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_server_2022windows_10Windows Server 2022Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2019-4556
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.70%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:41
Updated-16 Sep, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_advisor_with_watsonQradar Advisor
CVE-2019-4530
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.81%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 16:16
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CVE-2019-4058
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.01%
||
7 Day CHG~0.00%
Published-20 May, 2019 | 17:25
Updated-16 Sep, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570.

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_platformBigFix Platform
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2021-29770
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.13% / 33.13%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 12:10
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsi2_analyzelinux_kerneli2 Analyze
CWE ID-CWE-20
Improper Input Validation
CVE-2021-28444
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.7||MEDIUM
EPSS-9.65% / 92.72%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Security Feature Bypass Vulnerability

Windows Hyper-V Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2023-50946
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.27%
||
7 Day CHG~0.00%
Published-26 Jan, 2025 | 15:44
Updated-11 Mar, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Common Licensing information disclosure

IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixcommon_licensinglinux_kernelwindowsCommon Licensing
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-46169
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.33%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 20:42
Updated-11 Mar, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM DS8900F file manipulation

IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily delete a file. IBM X-Force ID: 269406.

Action-Not Available
Vendor-IBM Corporation
Product-ds8900f_firmwareds8900fDS8900F
CWE ID-CWE-41
Improper Resolution of Path Equivalence
CVE-2023-45188
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.00%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:15
Updated-02 Aug, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Lifecycle Optimization Publishing file upload

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 268751.

Action-Not Available
Vendor-IBM Corporation
Product-Engineering Lifecycle Optimization Publishing
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-43037
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.59%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 13:19
Updated-16 Aug, 2025 | 23:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Application Suite improper access control

IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_application_suiteMaximo Application Suite
CWE ID-CWE-20
Improper Input Validation
CVE-2022-22445
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.6||HIGH
EPSS-0.22% / 44.35%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 17:00
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware.

Action-Not Available
Vendor-IBM Corporation
Product-powervm_hypervisorPowerVM Hypervisor
CVE-2022-22411
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 26.48%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 16:50
Updated-17 Sep, 2024 | 04:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_scale_data_access_serviceslinux_kernelSpectrum Scale DAS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-22475
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.09% / 24.84%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 16:25
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.

Action-Not Available
Vendor-IBM Corporation
Product-open_libertywebsphere_application_serverWebSphere Application Server Liberty
CVE-2025-0799
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.75%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 00:24
Updated-12 Aug, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM App Connect Enterprise Arbitrary File Write

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_enterpriseIBM App Connect Enterprise
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-36115
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 7.00%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 15:18
Updated-03 Feb, 2026 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_connect\Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0
CWE ID-CWE-384
Session Fixation
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found