Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-35898

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-19 Jul, 2023 | 00:46
Updated At-21 Oct, 2024 | 14:08
Rejected At-
Credits

IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:19 Jul, 2023 | 00:46
Updated At:21 Oct, 2024 | 14:08
Rejected At:
▼CVE Numbering Authority (CNA)
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352.

Affected Products
Vendor
IBM CorporationIBM
Product
InfoSphere Information Server
Default Status
unaffected
Versions
Affected
  • 11.7
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7009205
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/259352
vdb-entry
Hyperlink: https://www.ibm.com/support/pages/node/7009205
Resource:
vendor-advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/259352
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7009205
vendor-advisory
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/259352
vdb-entry
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/7009205
Resource:
vendor-advisory
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/259352
Resource:
vdb-entry
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:19 Jul, 2023 | 01:15
Updated At:28 Jul, 2023 | 15:45

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>infosphere_information_server>>11.7
cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
IBM Corporation
ibm
>>aix>>-
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-200Secondarypsirt@us.ibm.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-200
Type: Secondary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/259352psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7009205psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/259352
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7009205
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2725Records found
CVE-2021-39019
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.59%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 16:15
Updated-25 Mar, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-engineering_lifecycle_optimization_-_publishingengineering_lifecycle_optimization_publishingwindowslinux_kernelEngineering Lifecycle Optimization Publishing
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-39089
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.46%
||
7 Day CHG~0.00%
Published-20 Jan, 2023 | 18:14
Updated-31 Mar, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cloud Pak for Security information disclosure

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-cloud_pak_for_securitylinux_kernelCloud Pak for Security
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-49877
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 13.83%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 20:36
Updated-02 Aug, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM System Storage Virtualization Engine information disclosure

IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface. IBM X-Force ID: 272651.

Action-Not Available
Vendor-IBM Corporation
Product-virtualization_engine_ts7760_3957-vecvirtualization_engine_ts7770_3957-ved_firmwarevirtualization_engine_ts7770_3948-vedvirtualization_engine_ts7760_3957-vec_firmwarevirtualization_engine_ts7770_3957-vedvirtualization_engine_ts7770_3948-ved_firmwareSystem Storage Virtualization Engine
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-31173
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.94% / 85.90%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-28 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_foundationsharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1464
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 49.68%
||
7 Day CHG~0.00%
Published-17 May, 2018 | 21:00
Updated-16 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_virtualizestorwize_v3500_firmwarestorwize_v3500spectrum_virtualize_for_public_cloudstorwize_v5000_firmwarestorwize_v7000_firmwarestorwize_v3700_firmwarestorwize_v7000storwize_v9000_firmwarestorwize_v3700storwize_v5000san_volume_controllersan_volume_controller_firmwarestorwize_v9000FlashSystem V9000Spectrum Virtualize for Public CloudStorwize V7000 (2076)SAN Volume ControllerStorwize V5000Spectrum Virtualize SoftwareStorwize V3500Storwize V3700
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-47146
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.31%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 22:04
Updated-02 Aug, 2024 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar SIEM information disclosure

IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-45189
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.64%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 22:51
Updated-05 Sep, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation information disclosure

A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automation_for_cloud_pakRobotic Process AutomationRobotic Process Automation for Cloud Pak
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1734
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.89%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 13:45
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerrational_quality_managerrational_team_concertrational_collaborative_lifecycle_managementrational_rhapsody_design_managerrhapsody_model_managerrational_software_architect_design_managerRational Collaborative Lifecycle Management
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-43041
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.92%
||
7 Day CHG~0.00%
Published-29 Oct, 2023 | 00:49
Updated-06 Sep, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar information disclosure

IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-36894
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.36% / 79.36%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-28 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-35900
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.31%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 00:58
Updated-21 Oct, 2024 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.

Action-Not Available
Vendor-Red Hat, Inc.Microsoft CorporationIBM Corporation
Product-robotic_process_automationrobotic_process_automation_as_a_serviceopenshiftwindowsrobotic_process_automation_for_cloud_pakRobotic Process Automation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-33848
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 17.05%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 20:13
Updated-06 Jan, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX information disclosure

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: 257104.

Action-Not Available
Vendor-HP Inc.IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformslinux_kernelcics_txhp-uxaixCICS TX AdvancedCICS TX StandardTXSeries for Multiplatforms
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-36777
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.11%
||
7 Day CHG+0.02%
Published-22 Nov, 2023 | 18:28
Updated-21 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cloud Pak for Security information disclosure

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityqradar_suiteCloud Pak for SecurityQRadar Suite Software
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34352
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.14%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 17:39
Updated-12 Nov, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar information disclosure

IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. IBM X-Force ID: 230403.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelSecurity QRadar SIEM
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-33159
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 01:43
Updated-12 Dec, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Suite VA information disclosure

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_suite_vaSecurity Directory Suite VA
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-30607
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.24% / 47.66%
||
7 Day CHG~0.00%
Published-17 Jun, 2022 | 15:20
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsrobotic_process_automationRobotic Process Automation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4953
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.73%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 15:20
Updated-16 Sep, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4967
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.16% / 36.89%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 13:05
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityCloud Pak for Security
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4649
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.89%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 13:25
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analytics_localPlanning Analytics WorkspacePlanning Analytics Local
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-22876
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.30%
||
7 Day CHG~0.00%
Published-15 Mar, 2023 | 18:39
Updated-26 Feb, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator information disclosure

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-0812
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.57%
||
7 Day CHG+0.04%
Published-29 Aug, 2022 | 14:03
Updated-13 Feb, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelKernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-38729
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 24.48%
||
7 Day CHG+0.02%
Published-03 Apr, 2024 | 12:27
Updated-31 Jan, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 information disclosure

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-hp-uxwindowssolarisaixlinux_on_ibm_zlinux_kerneldb2Db2 for Linux, UNIX and Windowsdb2_connect_serverdb2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-22337
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.34%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 17:50
Updated-10 Apr, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator Standard Edition information disclosure

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator Standard Edition
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-4173
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 53.42%
||
7 Day CHG~0.00%
Published-17 Jun, 2019 | 15:10
Updated-17 Sep, 2024 | 00:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controller
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-4397
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 48.97%
||
7 Day CHG~0.00%
Published-24 Oct, 2019 | 12:00
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239

Action-Not Available
Vendor-IBM Corporation
Product-cloud_orchestratorcloud_orchestrator_enterpriseCloud Orchestrator
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-25680
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.06% / 20.14%
||
7 Day CHG~0.00%
Published-15 Mar, 2023 | 19:42
Updated-26 Feb, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automationrobotic_process_automation_as_a_servicerobotic_process_automation_for_cloud_pakRobotic Process Automation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-39013
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 16:50
Updated-17 Sep, 2024 | 00:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftcloud_pak_for_securityCloud Pak for Security
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1487
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.40% / 86.92%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:41
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-authentication_libraryMicrosoft Authentication Library (MSAL) for Android
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4361
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.53%
||
7 Day CHG~0.00%
Published-20 Jul, 2020 | 14:05
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-10223
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.16% / 77.72%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 11:40
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible.

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, IncKubernetes
Product-openshift_container_platformkube-state-metricslinux_kernelkube-state-metrics
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1107
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 56.98%
||
7 Day CHG~0.00%
Published-19 Jun, 2019 | 13:30
Updated-17 Sep, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906.

Action-Not Available
Vendor-IBM Corporation
Product-marketing_platformMarketing Platform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0588
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.95% / 85.91%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-0703
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-8.44% / 91.96%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 23:41
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-13||Apply updates per vendor instructions.

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2008windows_7windows_8.1windows_rt_8.1windows_10windows_server_2012windows_server_2019Windows ServerWindowsWindows
CVE-2021-38874
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.89%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 15:20
Updated-16 Sep, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CVE-2021-39087
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.35%
||
7 Day CHG-0.07%
Published-16 Aug, 2022 | 18:46
Updated-17 Sep, 2024 | 03:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelhp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-27257
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.91%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 14:24
Updated-16 Sep, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM OpenPages information disclosure

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.

Action-Not Available
Vendor-IBM Corporation
Product-openpages_with_watsonopenpages_grc_platformOpenPages
CWE ID-CWE-540
Inclusion of Sensitive Information in Source Code
CVE-2021-38900
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.25% / 47.80%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 19:10
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607.

Action-Not Available
Vendor-IBM Corporation
Product-workflow_process_servicebusiness_automation_workflowbusiness_process_managerCloud Pak for AutomationBusiness Automation Workflow
CVE-2021-38931
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.80%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 17:00
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncNetApp, Inc.Oracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixoncommand_insightDB2 for Linux, UNIX and Windows
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2024-26226
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-6.22% / 90.50%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Distributed File System (DFS) Information Disclosure Vulnerability

Windows Distributed File System (DFS) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-38887
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 14:55
Updated-17 Sep, 2024 | 00:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CVE-2021-38629
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-14.18% / 94.11%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-01 Oct, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability

Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-39018
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.66%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 16:15
Updated-25 Mar, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-engineering_lifecycle_optimization_-_publishingengineering_lifecycle_optimization_publishingwindowslinux_kernelEngineering Lifecycle Optimization Publishing
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-0459
Matching Score-8
Assigner-Google LLC
ShareView Details
Matching Score-8
Assigner-Google LLC
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.01%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 13:22
Updated-26 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copy_from_user Spectre-V1 Gadget in Linux Kernel

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux Kernel
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2024-25037
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.24%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 15:51
Updated-03 Jul, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-controllerwindowscognos_controllerControllerCognos Controller
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-38954
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.47%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 16:50
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-sterling_b2b_integratoraixwindowslinux_kernelSterling B2B Integrator
CVE-2021-38975
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.20%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelsecurity_guardium_key_lifecycle_managerwindowssecurity_key_lifecycle_manageraixSecurity Key Lifecycle Manager
CVE-2024-22339
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.92%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 16:51
Updated-29 Jan, 2025 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM UrbanCode Deploy information disclosure

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.

Action-Not Available
Vendor-IBM Corporation
Product-devops_deployurbancode_deployUrbanCode DeployDevOps Deploy
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-38915
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.64%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 18:55
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-22352
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.61%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 18:51
Updated-01 Aug, 2024 | 22:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-20660
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.67% / 87.44%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 17:57
Updated-03 May, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing Information Disclosure Vulnerability

Microsoft Message Queuing Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 54
  • 55
  • Next
Details not found