Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-43880

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-03 Mar, 2024 | 15:34
Updated At-16 Apr, 2025 | 16:03
Rejected At-
Credits

IBM QRadar WinCollect Agent

IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:03 Mar, 2024 | 15:34
Updated At:16 Apr, 2025 | 16:03
Rejected At:
▼CVE Numbering Authority (CNA)
IBM QRadar WinCollect Agent

IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151.

Affected Products
Vendor
IBM CorporationIBM
Product
QRadar WinCollect Agent
Default Status
unaffected
Versions
Affected
  • From 10.0 through 10.1.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6980843
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/240151
vdb-entry
Hyperlink: https://www.ibm.com/support/pages/node/6980843
Resource:
vendor-advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/240151
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6980843
vendor-advisory
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/240151
vdb-entry
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/6980843
Resource:
vendor-advisory
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/240151
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:03 Mar, 2024 | 16:15
Updated At:24 Apr, 2025 | 14:01

IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CPE Matches
IBM Corporation
ibm
>>qradar_wincollect>>Versions from 10.0(inclusive) to 10.1.2(inclusive)
cpe:2.3:a:ibm:qradar_wincollect:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Secondarypsirt@us.ibm.com
CWE-918Primarynvd@nist.gov
CWE ID: CWE-400
Type: Secondary
Source: psirt@us.ibm.com
CWE ID: CWE-918
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/240151psirt@us.ibm.com
Vendor Advisory
https://www.ibm.com/support/pages/node/6980843psirt@us.ibm.com
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/240151af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.ibm.com/support/pages/node/6980843af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/240151
Source: psirt@us.ibm.com
Resource:
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/6980843
Source: psirt@us.ibm.com
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/240151
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/6980843
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

105Records found
CVE-2016-6001
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.14% / 34.48%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.

Action-Not Available
Vendor-IBM Corporation
Product-forms_experience_builderForms Experience Builder
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4365
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.22%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4786
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.22%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 16:35
Updated-16 Sep, 2024 | 23:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4529
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.57%
||
7 Day CHG-0.13%
Published-08 Jun, 2020 | 12:55
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2016-5968
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.74%
||
7 Day CHG~0.00%
Published-25 Nov, 2016 | 03:38
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tealeaf_customer_experiencen/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-5023
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 71.73%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 17:00
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-43740
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.32%
||
7 Day CHG~0.00%
Published-14 Oct, 2023 | 15:13
Updated-16 Sep, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access denial of service

IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_oidc_providerSecurity Verify Access
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-22329
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 5.68%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 01:21
Updated-23 Oct, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server server-side request forgery

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951.

Action-Not Available
Vendor-IBM Corporation
Product-WebSphere Application Server LibertyWebSphere Application Serverwebsphere_application_server_libertywebsphere_application_server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-39164
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 2.64%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 19:26
Updated-10 Apr, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM AIX denial of service

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 235181.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosAIX
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-38708
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.52%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 20:12
Updated-17 Apr, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics server-side request forgery

IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_analyticsCognos Analytics
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-39165
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 18:48
Updated-15 Apr, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM AIX denial of service

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 235183.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosAIX
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-33168
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.77%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 01:19
Updated-12 Dec, 2024 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Suite VA denial of service

IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_suite_vaSecurity Directory Suite VA
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-34335
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 23.06%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 16:42
Updated-08 Apr, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Partner Engagement Manager denial of service

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-linux_kernelsterling_partner_engagement_managerSterling Partner Engagement Manager
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-31776
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.97%
||
7 Day CHG~0.00%
Published-31 Jul, 2022 | 16:07
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateway
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-35282
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 15:55
Updated-20 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-2987
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-3.8||LOW
EPSS-0.04% / 10.83%
||
7 Day CHG+0.01%
Published-21 Apr, 2025 | 23:24
Updated-13 Aug, 2025 | 00:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Asset Management server-side request forgery

IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-27907
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.04% / 10.95%
||
7 Day CHG+0.01%
Published-22 Apr, 2025 | 16:20
Updated-18 Jul, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server server-side request forgery

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM CorporationOracle CorporationMicrosoft CorporationLinux Kernel Organization, IncHP Inc.
Product-linux_kernelwindowswebsphere_application_serveraixsolarishp-uxiz\/osWebSphere Application Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-47150
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.16%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 14:01
Updated-05 Aug, 2024 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Common Cryptographic Architecture denial of service

IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.

Action-Not Available
Vendor-IBM Corporation
Product-Common Cryptographic Architecturecommon_cryptographic_architecture
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-22416
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.78%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 16:25
Updated-16 Sep, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126.

Action-Not Available
Vendor-IBM Corporation
Product-partner_engagement_managerpartner_engagement_manager_on_cloud\/saasSterling Partner Engagement Manager on CloudSterling Partner Engagement Manager
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-22339
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.65%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 15:30
Updated-17 Sep, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-20483
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 35.20%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 16:15
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-security_identity_managersolarislinux_kernelwindowsaixSecurity Identity Manager
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4882
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.12% / 31.97%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 17:00
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-1142
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 5.19%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 14:44
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Edge Application Manager server-side request forgery

IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM Corporation
Product-Edge Application Manager
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-32341
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 9.44%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 00:58
Updated-02 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator denial of service

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-38741
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 27.27%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 17:19
Updated-09 Oct, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms denial of service

IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformlinux_kernelhp-uxwindowsaixTXSeries for Multiplatformstxseries_for_multiplatforms
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-38737
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 4.91%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 18:07
Updated-02 Oct, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server Liberty denial of service

IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server Liberty
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-32337
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.72%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 01:17
Updated-13 Nov, 2024 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Spatial Asset Management server-side request forgery

IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_application_suitemaximo_asset_managementMaximo Spatial Asset Management
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-35896
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 13.30%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 02:14
Updated-04 Sep, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Content Navigator server-side request forgery

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kernelcontent_navigatorContent Navigator
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-30999
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.93%
||
7 Day CHG~0.00%
Published-03 Feb, 2024 | 00:31
Updated-02 Aug, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager denial of service

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accesssecurity_verify_access_dockerSecurity Verify Access ApplianceSecurity Verify Access Dockersecurity_verify_accesssecurity_verify_access_docker
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-35011
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.34%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 22:46
Updated-13 Feb, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics server-side request forgey

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_analyticsCognos Analytics
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-30444
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.36%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 12:52
Updated-30 Jan, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson Machine Learning on Cloud Pak for Data server-side request forgery

IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350.

Action-Not Available
Vendor-IBM Corporation
Product-watson_machine_learning_on_cloud_pak_for_dataWatson Machine Learning on Cloud Pak for Data
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-49822
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.04% / 8.65%
||
7 Day CHG+0.01%
Published-18 Mar, 2025 | 14:19
Updated-14 Aug, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Advisor server-side request forgery

IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_advisorQRadar Advisor with Watson
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-39051
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.12% / 31.14%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 16:45
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_copy_data_managementSpectrum Copy Data Management
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-39739
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-15 Jul, 2024 | 01:25
Updated-02 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Datacap Navigator server-side request forgery

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 296008.

Action-Not Available
Vendor-IBM Corporation
Product-datacapdatacap_navigatorDatacap Navigator
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-20535
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 27.28%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 15:30
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198834.

Action-Not Available
Vendor-IBM Corporation
Product-jazz_reporting_serviceJazz Reporting Service
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-20480
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 56.03%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 12:20
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-20544
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.71%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 16:15
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-jazz_team_serverwindowslinux_kernelJazz Team Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4956
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.22% / 45.07%
||
7 Day CHG~0.00%
Published-15 Feb, 2021 | 15:05
Updated-17 Sep, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_operations_centerSpectrum Protect Operations Center
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-4632
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.12% / 32.23%
||
7 Day CHG~0.00%
Published-04 Sep, 2020 | 13:35
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_metadata_asset_managerInfoSphere Information Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4294
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.16% / 36.95%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadarQradar
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4766
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.96% / 75.55%
||
7 Day CHG~0.00%
Published-22 Jan, 2021 | 16:50
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.

Action-Not Available
Vendor-IBM Corporation
Product-mq_internet_pass-thruMQ Internet Pass-Thru
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-4787
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.04% / 10.74%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 16:35
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-3735
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.10% / 28.35%
||
7 Day CHG+0.08%
Published-26 Aug, 2022 | 15:25
Updated-28 Feb, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxQEMU
Product-qemudebian_linuxQEMU
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-667
Improper Locking
CVE-2024-20959
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 18.34%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 21:41
Updated-03 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-zfs_storage_appliance_kitSun ZFS Storage Appliance Kit (AK) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-0008
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.13% / 33.81%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 12:47
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow privileged user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_controller_e810ethernet_controller_e810_firmwareIntel(R) Ethernet Adapters 800 Series Controllers and associated adapters
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-0092
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 20.72%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel Corporation
Product-core_i7-6870hqxeon_e-2286gatom_c3950core_i3-9100ecore_i3-10100xeon_silver_4109tcore_i3-7300core_i5-1038ng7core_i5-11400core_i9-7900xcore_i7-10510yxeon_d-1548xeon_bronze_3106xeon_platinum_8260yxeon_d-1633nxeon_d-1653nxeon_platinum_8153xeon_e-2246gcore_i5-6350hqcore_i9-9960xcore_i3-6300txeon_e-2374gxeon_gold_5218txeon_w-2123core_i5-11260hxeon_e-2236xeon_gold_5218nxeon_w-1270exeon_d-1531core_i5-6500tcore_i5-7500core_i5-6260uxeon_e-2278gecore_i5-7440hqxeon_platinum_8156core_i7-8709gatom_c3758xeon_d-2177ntxeon_gold_6142fxeon_silver_4214ycore_i9-11900kfxeon_w-10855mxeon_gold_6230txeon_silver_4210rxeon_w-1270xeon_w-3235core_i9-10900txeon_e-2126gcore_i5-8200ycore_i7-10700tecore_i9-10900kxeon_gold_5220rcore_i5-8260ucore_i5-11400fxeon_w-11955mcore_i5-10400txeon_w-1290ecore_i7-1185g7core_i7-9700kfcore_i9-10900xxeon_platinum_9221xeon_d-2142itcore_m7-6y75xeon_w-3335core_i9-11900kcore_i5-10500hxeon_w-11555mrecore_i5-10600kfxeon_e-2146gcore_i3-1005g1core_i7-1068ng7xeon_silver_4112xeon_gold_6140xeon_d-1637core_i5-9400fcore_i3-10100ecore_i7-6800kcore_i7-7560uatom_c3538core_i7-9700txeon_gold_5120xeon_gold_6238core_i5-11600kfcore_i5-7600tcore_i7-4820kxeon_d-1602core_i5-8365uatom_c3508xeon_w-2245core_i5-9600kfxeon_d-2145ntxeon_platinum_8256xeon_gold_6130fxeon_e-2276mxeon_e-2224gcore_i5-8269uxeon_d-2163itcore_i3-1120g4core_i7-3930kcore_i5-11400hcore_i9-11900hxeon_d-1623ncore_i7-1185g7ecore_i7-10810ucore_i3-10300txeon_d-1521core_i3-8100core_i3-8145uecore_i5-1130g7core_i9-11900core_i5-6585rcore_i5-9600kxeon_gold_6144core_i5-8265ucore_i7-10700tcore_i9-9900kfcore_i3-7100core_m5-6y54core_i5-6300hqxeon_gold_5118core_i5-1145g7core_i5-9300hcore_i5-10500ecore_i7-10750hcore_i9-10850kxeon_silver_4114tcore_i5-8500bxeon_d-2143itxeon_silver_4209txeon_e-2226gexeon_gold_6212ucore_i5-6600core_i3-8100hcore_i7-8706gcore_i3-6300core_i9-11900fxeon_silver_4215xeon_gold_6230ncore_i9-10920xcore_i9-11950hatom_c3750xeon_gold_6138pcore_i7-1195g7core_i5-10310ucore_i9-10885hcore_i7-8557ucore_i5-7440eqcore_i3-6320xeon_e-2386gcore_i7-1165g7core_m3-7y32core_i7-11850hexeon_e-2134xeon_w-1290tecore_i5-1145g7ecore_i5-6440eqcore_i5-1030g7core_i9-10980hkxeon_e-2176mxeon_w-11155mlexeon_gold_6130xeon_silver_4210txeon_e-2274gxeon_gold_6136core_i5-6287ucore_i7-8500yxeon_w-3323core_i5-9600tatom_c3558rcore_i9-7960xxeon_w-1370atom_c3808core_i5-9600xeon_d-1559xeon_gold_6134xeon_w-3375xeon_e-2174gcore_i5-8600txeon_d-1537xeon_gold_5218bxeon_gold_6128core_i7-1180g7xeon_e-2176gxeon_e-2288gcore_i3-6100hcore_i7-7500uxeon_gold_6146xeon_w-1370pxeon_gold_6254core_i3-10320xeon_gold_5218rcore_i3-10105fxeon_w-2235core_i3-6098pcore_i5-6400xeon_d-1649nxeon_w-3175xcore_i7-10875hxeon_w-3225core_i3-7101tecore_i7-7700xeon_d-1540core_i3-11100hecore_i5-10400hxeon_gold_6246rcore_i5-7300hqxeon_d-1513nxeon_w-10885mxeon_gold_6126xeon_d-1527core_i9-9940xcore_i9-9900xcore_i5-6600kcore_i9-7940xcore_i7-9700exeon_e-2254mecore_i7-9700tecore_i7-6700txeon_gold_6248rxeon_silver_4214xeon_w-2125xeon_platinum_9222core_i3-10105tcore_i5-11300hcore_i5-6500texeon_gold_5220sxeon_platinum_8260core_i5-6500core_i3-1000g4core_i3-9100hlcore_i9-10900kfcore_i3-10100tatom_c3858xeon_d-2146ntxeon_e-2144gcore_i9-9980hkxeon_w-11555mlecore_i5-11500hexeon_e-2244gcore_i3-7100tcore_i3-6102exeon_w-1390txeon_silver_4216core_i5-1140g7core_i7-11700kfcore_i7-10610ucore_i7-6770hqxeon_platinum_8180xeon_platinum_8276lxeon_gold_6138tcore_i7-7740xcore_i7-11375hcore_i7-7y75core_i7-8559ucore_i5-9500eatom_c3850core_i5-11500txeon_e-2124gcore_i7-4930kcore_i5-9400core_i7-4960xcore_i7-5960xcore_i7-6600uxeon_gold_6138core_i7-1185grecore_i3-10325xeon_gold_6138fxeon_e-2356gcore_i7-8700xeon_d-1557core_i3-7130ucore_i5-8400atom_c3436lxeon_w-3245mxeon_e-2334core_i7\+8700core_i7-9850hatom_c3708xeon_w-1350core_i5-7600core_i9-10980xecore_i7-6500ucore_i5-1035g1xeon_w-11865mlecore_i7-11850hxeon_w-1290xeon_e-2186gxeon_silver_4210core_i3-10110uxeon_gold_6234atom_c3336core_i7-4930mxxeon_w-1350pcore_i9-10900xeon_w-1250core_i5-9400tcore_i5-7360ucore_i5-7300ucore_i7-11800hcore_i3-10300core_i5-6600tcore_i7-8565uxeon_gold_6154xeon_silver_4110core_i7-7700katom_c3830xeon_platinum_8176core_i7-10870hcore_i3-10100fcore_i7-10510uxeon_bronze_3104xeon_w-1290pcore_i5-8310yxeon_gold_5217core_i5-6440hqcore_i7-6850kxeon_gold_5120txeon_e-2324gxeon_w-3245core_i7-6660ucore_i9-7980xecore_i3-6100exeon_gold_6210ucore_i5-7200uxeon_gold_5115core_i7-9700fxeon_w-3345core_i5-10210ucore_i7-6820hqxeon_d-1528xeon_w-2295xeon_e-2234core_i3-9100tcore_i5-10500core_i5-8400bcore_i3-7100hcore_i7-8850hxeon_gold_5215core_i3-6100ucore_i9-9900kscore_i9-7920xxeon_w-11865mrecore_i5-11600kcore_i9-10900tecore_i9-8950hkcore_i5-6360ucore_i3-6157ucore_i5-9500fcore_i3-10100yxeon_e-2378core_i7-7820xcore_i3-1115g4ecore_i5-10600tcore_i5-7640xcore_i7-7800xxeon_w-3275mxeon_gold_6250lcore_i5-9400hxeon_gold_6209ucore_i9-9920xxeon_platinum_8253xeon_gold_6252ncore_i7-7660ucore_i3-9320xeon_platinum_8158core_i7-7700hqatom_c3308xeon_platinum_8280core_i5-6402pcore_m3-7y30xeon_w-11155mrexeon_gold_6252xeon_w-2135core_i3-10105core_i5-11400tcore_i7-11700kcore_i7-4940mxcore_i7-8550uxeon_e-2276mlxeon_gold_6246xeon_silver_4214rcore_i9-10940xcore_i7-9700core_i7-6700hqcore_i3-8300core_i7-9850hexeon_gold_6230rcore_i7-10700kfcore_i5-8400tcore_i5-7500txeon_d-2187ntxeon_silver_4116tcore_i7-1065g7xeon_d-1518core_i7-9800xxeon_silver_4208core_i5-6267ucore_i3-1000g1xeon_gold_6126txeon_w-2225xeon_silver_4116xeon_e-2276mecore_i5-7y54xeon_w-1250ecore_i5-7400core_i7-6950xfas\/aff_biosxeon_platinum_8160fxeon_platinum_8164core_i7-6567uxeon_platinum_8176fxeon_gold_5215lcore_i5-7287uxeon_platinum_8168core_i7-3970xcore_i7-3960xcore_i7-11600hcore_i7-7920hqcore_i7-10700core_i5-1145grecore_i3-7020uxeon_d-1533nxeon_gold_6240lxeon_w-3265mxeon_gold_6248core_i5-1135g7xeon_w-2195xeon_e-2136core_i5-9300hfxeon_w-1270pcore_i3-1115g4xeon_gold_6258rxeon_platinum_9282core_i3-8145ucore_i3-9300core_i5-10400xeon_d-2173itxeon_d-2161icore_i7-7567uxeon_w-1250pcore_i7-8700kcore_i5-1155g7core_i3-9300tcore_i7-7820hqcore_i7-7820eqcore_i7-9700kxeon_d-2123itxeon_platinum_8160tcore_i3-8109ucore_i5-8365uexeon_gold_6142core_i3-1110g4xeon_bronze_3206rxeon_gold_6148core_i7-3820xeon_w-3275xeon_gold_6240core_i3-7320core_i7-10700ecore_i5-8350ucore_i7-3940xmxeon_gold_5220xeon_gold_6126fcore_i3-10100tecore_m5-6y57xeon_e-2388gcore_i7-11390hxeon_platinum_8268xeon_e-2226gcore_i5-7y57core_i7-6700texeon_gold_6240rcore_i7-3920xmcore_i5-7260uxeon_e-2278gxeon_silver_4215rcore_i9-10900ecore_i3-9100core_i7-9750hxeon_e-2124core_i5-8250ucore_i5-8600core_i9-11980hkxeon_w-3265core_i5-10500tecore_i5-11500core_i3-6100tecore_i7-11700xeon_platinum_8160xeon_gold_5119tcore_i7-8700bcore_i5-10500txeon_gold_6148fcore_i5-10600core_i5-10310yxeon_w-1250texeon_gold_6208ucore_i3-9100teatom_c3338core_i5-8259uxeon_gold_6242core_i7-10700kxeon_e-2336xeon_d-1627xeon_e-2186mxeon_e-2286mcore_i9-9880hcore_i7-6650ucore_i7-11370hcore_i5-7442eqcore_i7-8665uecore_i3-8130ucore_i3-7167ucore_i3-8300tcore_i5-11500hcore_i5-1035g4core_i5-11600tcore_i7-8650ucore_i5-10200hcore_i9-9900kcore_i7-8705gxeon_platinum_8276xeon_d-1529xeon_gold_5220tcore_i7-5930kcore_i5-10400fcore_i7-1160g7core_i7-7600uxeon_gold_6244xeon_gold_6242rcore_i3-7100exeon_w-2275xeon_w-2265core_i5-9500xeon_gold_6226rcore_i3-7101ecore_i9-9900xeon_bronze_3204core_i9-9820xxeon_d-1567xeon_w-3365core_i7-9850hlcore_i5-8400hcore_i5-6300ucore_m3-6y30core_i7-9750hfxeon_d-2141ixeon_w-2175xeon_silver_4108core_i3-10110ycore_i5-1035g7core_i7-7820hkxeon_e-2254mlxeon_w-11855mcore_i5-8305gcore_i3-6100xeon_gold_6240ycore_i3-9350kxeon_gold_6238lxeon_w-1390cloud_backupcore_i3-1115grecore_i5-11600core_i5-7400tcore_i7-11700fcore_i3-6100tcore_i7-8750hcore_i7-8665ucore_i3-10305txeon_d-2183itcore_i5-8300hcore_i3-8140ucore_i3-8350kcore_i5-10600kcore_i7-8086kxeon_gold_5222core_i7-10850hxeon_d-1523nxeon_gold_6256core_i5-9500teatom_c3958xeon_gold_6130tatom_c3338rxeon_d-1520core_i3-8100bcore_i3-6167ucore_i5-8279uxeon_platinum_8280lcore_m3-8100ycore_i5-7267ucore_i5-8600kcore_i3-7100uxeon_d-1543ncore_i5-6442eqcore_i7-8700txeon_silver_4114xeon_d-1541core_i7-11700txeon_d-1622xeon_platinum_9242core_i7-6700kcore_i7-6970hqxeon_w-2223core_i7-6822eqcore_i3-7300txeon_gold_6238tatom_c3955core_i5-8500core_i9-11900tcore_i5-8210ycore_i7-6785rcore_i7-6560ucore_i7-1060g7core_i5-8257ucore_i7-8569ucore_i7-5820kcore_i9-9900tcore_i7-6900kcore_i7-7700tcore_i9-9980xeatom_c3558core_i5-6685rxeon_w-2133xeon_gold_6250core_i3-9350kfxeon_platinum_8260lxeon_platinum_8270xeon_w-1290tcore_i5-8500tcore_i7-8809gxeon_gold_6226core_i5-11320hxeon_d-1577xeon_gold_6132xeon_e-2314core_i5-6400tcore_i3-10305xeon_d-2166ntcore_i3-7350kxeon_w-1390pcore_i5-10505xeon_d-1539core_i7-6700core_i7-6820eqcore_i7-6920hqcore_i5-7600kcore_i7-6820hkxeon_w-2255xeon_gold_6262vcore_i3-6006ucore_i7-10710ucore_i5-10210ycore_i5-10300hxeon_w-1270texeon_e-2224xeon_gold_5218xeon_w-2145xeon_gold_6238rcore_i3-9100fxeon_platinum_8170core_i9-10900fcore_i3-1125g4xeon_e-2278gelxeon_d-1553ncore_i5-1030g4xeon_e-2378gcore_i3-8100tcore_i5-9500txeon_w-3223xeon_w-2155xeon_gold_6152core_i3-7102exeon_gold_6150xeon_e-2276gcore_i5-6200uxeon_gold_6222vcore_i7-10700fxeon_d-1571xeon_gold_5122atom_c3758rxeon_gold_6230Intel(R) Processors
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-4162
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 00:14
Updated-30 Sep, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0

A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“.

Action-Not Available
Vendor-Brocade Communications Systems, Inc. (Broadcom Inc.)
Product-fabric_operating_systemFabric OS
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-28938
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-3.4||LOW
EPSS-0.02% / 4.52%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:36
Updated-02 Oct, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.

Action-Not Available
Vendor-mdadm_projectn/a
Product-mdadmIntel(R) SSD Tools software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50096
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 3.17%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-16 Jul, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-3698
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 8.81%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 20:40
Updated-17 Sep, 2024 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.

Action-Not Available
Vendor-Lenovo Group Limited
Product-diagnosticshardwarescan_pluginDiagnosticsHardwareScanPlugin
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found