Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-22336

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-17 Feb, 2024 | 15:45
Updated At-01 Aug, 2024 | 22:43
Rejected At-
Credits

IBM QRadar Suite information disclosure

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:17 Feb, 2024 | 15:45
Updated At:01 Aug, 2024 | 22:43
Rejected At:
▼CVE Numbering Authority (CNA)
IBM QRadar Suite information disclosure

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.

Affected Products
Vendor
IBM CorporationIBM
Product
QRadar Suite Software
Default Status
unaffected
Versions
Affected
  • From 1.10.12.0 through 1.10.17.0 (semver)
Vendor
IBM CorporationIBM
Product
Cloud Pak for Security
Default Status
unaffected
Versions
Affected
  • From 1.10.0.0 through 1.10.11.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-532CWE-532 Insertion of Sensitive Information into Log File
Type: CWE
CWE ID: CWE-532
Description: CWE-532 Insertion of Sensitive Information into Log File
Metrics
VersionBase scoreBase severityVector
3.15.1MEDIUM
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7118642
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/279976
vdb-entry
Hyperlink: https://www.ibm.com/support/pages/node/7118642
Resource:
vendor-advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/279976
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7118642
vendor-advisory
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/279976
vdb-entry
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/7118642
Resource:
vendor-advisory
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/279976
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:17 Feb, 2024 | 16:15
Updated At:04 Dec, 2024 | 15:53

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.1MEDIUM
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>cloud_pak_for_security>>Versions from 1.10.0.0(inclusive) to 1.10.11.0(inclusive)
cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>qradar_suite>>Versions from 1.10.12.0(inclusive) to 1.10.18.0(exclusive)
cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-532Secondarypsirt@us.ibm.com
CWE ID: CWE-532
Type: Secondary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/279976psirt@us.ibm.com
VDB Entry
https://www.ibm.com/support/pages/node/7118642psirt@us.ibm.com
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/279976af854a3a-2127-422b-91ae-364da2661108
VDB Entry
https://www.ibm.com/support/pages/node/7118642af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/279976
Source: psirt@us.ibm.com
Resource:
VDB Entry
Hyperlink: https://www.ibm.com/support/pages/node/7118642
Source: psirt@us.ibm.com
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/279976
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
VDB Entry
Hyperlink: https://www.ibm.com/support/pages/node/7118642
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

382Records found
CVE-2022-43923
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.19% / 8.61%
||
7 Day CHG~0.00%
Published-24 Feb, 2023 | 14:13
Updated-11 Mar, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_application_suiteMaximo Application Suite
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-2607
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.13% / 2.99%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 12:20
Updated-29 May, 2026 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

IBM MQ Operator SC2: v3.2.0 through 3.2.23CD:  v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1, 9.4.0.10-r2, 9.4.0.11-r1, 9.4.0.11-r2, 9.4.0.11-r3, 9.4.0.12-r1, 9.4.0.15-r1 - 9.4.0.15-r4, 9.4.0.16-r1, 9.4.0.16-r2, 9.4.0.17-r1, 9.4.0.17-r2, 9.4.0.20-r1CD: 9.4.1.0-r1, 9.4.1.0-r2, 9.4.1.1-r1, 9.4.2.0-r1, 9.4.2.0-r2, 9.4.2.1-r1, 9.4.2.1-r2, 9.4.3.0-r1, 9.4.3.0-r2, 9.4.3.1-r1 - 9.4.3.1-r3, 9.4.4.0-r1 - 9.4.4.0-r4, 9.4.4.1-r1, 9.4.5.0-r1, 9.4.5.0-r2LTS: 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2, 9.3.0.17-r3, 9.3.0.20-r1, 9.3.0.20-r2, 9.3.0.21-r1, 9.3.0.21-r2, 9.3.0.21-r3, 9.3.0.25-r1, 9.4.0.0-r1, 9.4.0.0-r2, 9.4.0.0-r3, 9.4.0.5-r1, 9.4.0.5-r2 IBM MQ stores potentially sensitive information in log files that could be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-supplied MQ Advanced container imagesMQ Operator
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-25030
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.19% / 8.87%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 12:14
Updated-13 Feb, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-35719
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.17% / 6.70%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 16:45
Updated-25 Apr, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-mq_internet_pass-thruMQ Internet Pass-Thru
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-22337
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.19% / 8.87%
||
7 Day CHG~0.00%
Published-17 Feb, 2024 | 15:46
Updated-03 Dec, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Suite information disclosure

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityqradar_suiteCloud Pak for SecurityQRadar Suite Software
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-45091
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.20% / 9.93%
||
7 Day CHG+0.01%
Published-21 Jan, 2025 | 00:41
Updated-29 Jan, 2025 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM UrbanCode Deploy information disclosure

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-40679
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 5.44%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 00:44
Updated-31 Jan, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 information disclosure

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-22335
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.19% / 8.87%
||
7 Day CHG~0.00%
Published-17 Feb, 2024 | 15:32
Updated-04 Dec, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Suite information disclosure

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityqradar_suiteCloud Pak for SecurityQRadar Suite Software
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-22352
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 38.48%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 18:51
Updated-01 Aug, 2024 | 22:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-5515
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.07%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 12:58
Updated-02 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM App Connect Enterprise is vulnerable to a confidential disclosure

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_enterpriseApp Connect Enterprise
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2026-4788
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.12% / 1.91%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 00:20
Updated-14 Apr, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities affect IBM Tivoli Netcool Impact

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/impactTivoli Netcool Impact
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-39032
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.25% / 16.26%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 17:10
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-sterling_gentranwindowsSterling Gentran:Server for Microsoft Windows
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-36133
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 1.19%
||
7 Day CHG~0.00%
Published-01 Sep, 2025 | 11:56
Updated-18 Dec, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM App Connect Enterprise information disclosure

IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_operatorapp_connect_enterprise_certified_containers_operandsApp Connect Enterprise Certified Container
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-1998
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 5.19%
||
7 Day CHG+0.01%
Published-27 Mar, 2025 | 14:41
Updated-01 Sep, 2025 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure

IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deploydevops_deployDevOps DeployUrbanCode Deploy
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-4900
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.29% / 20.03%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 15:30
Updated-16 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowBusiness Automation Workflow
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-43043
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.15% / 4.71%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 09:19
Updated-15 Aug, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Application Suite information disclosure

IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_mobile_for_eamenterprise_asset_managementMaximo Application Suite - Maximo Mobile for EAM
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-40694
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.17% / 6.36%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 21:09
Updated-20 Aug, 2025 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson CP4D Data Stores information disclosure

IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftwatson_cp4d_data_storesWatson CP4D Data Stores
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-4299
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.28% / 19.18%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 15:05
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automation_with_automation_anywhereRobotic Process Automation with Automation Anywhere
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-30430
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 5.80%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 15:53
Updated-24 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access information disclosure

IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-25682
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.23% / 13.33%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 18:45
Updated-02 Aug, 2024 | 11:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator information disclosure

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator Standard Edition
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-22869
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 8.66%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 15:48
Updated-19 Dec, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex information disclosure

IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_faspexAspera Faspexaspera_faspex
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-36144
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.11% / 1.69%
||
7 Day CHG~0.00%
Published-27 Sep, 2025 | 00:05
Updated-03 Oct, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM watsonx.data information disclosure

IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.datawatsonx.data
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-13755
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 3.95%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 15:46
Updated-27 May, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-31002
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.12% / 2.53%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 16:13
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Container information disclosure

IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_manager_containerSecurity Verify Access ApplianceSecurity Verify Access Docker
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-43901
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.19% / 9.14%
||
7 Day CHG~0.00%
Published-01 Dec, 2022 | 18:09
Updated-23 Apr, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps information disclosure

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_automation_for_ibm_cloud_pak_for_watson_aiopsWebSphere Automation for Cloud Pak for Watson AIOps
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-43877
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.19% / 8.69%
||
7 Day CHG~0.00%
Published-06 May, 2023 | 02:44
Updated-29 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM UrbanCode Deploy (UCD) information disclosure

IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2022-40745
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 3.45%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 17:01
Updated-03 Aug, 2024 | 12:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex information disclosure

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_faspexAspera Faspexaspera_faspex
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-38388
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.17% / 6.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 16:00
Updated-15 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.

Action-Not Available
Vendor-IBM Corporation
Product-navigator_mobileNavigator Mobile
CWE ID-CWE-284
Improper Access Control
CVE-2022-38391
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.27% / 18.98%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 20:31
Updated-15 Apr, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Control information disclosure

IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.

Action-Not Available
Vendor-IBMLinux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-aixspectrum_controlwindowslinux_kernelSpectrum Control
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-38707
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.16% / 5.92%
||
7 Day CHG~0.00%
Published-05 May, 2023 | 13:54
Updated-29 Jan, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Command Center information disclosure

IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_command_centerCognos Command Center
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-8636
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-Not Assigned
Published-22 Jun, 2026 | 14:16
Updated-22 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in IBM Datacap

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.

Action-Not Available
Vendor-IBM Corporation
Product-Datacap NavigatorDatacap
CWE ID-CWE-316
Cleartext Storage of Sensitive Information in Memory
CVE-2016-0371
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 25.97%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.

Action-Not Available
Vendor-Apple Inc.IBM CorporationOracle CorporationLinux Kernel Organization, IncHP Inc.Microsoft Corporation
Product-hp-uxmac_os_xtivoli_storage_managersolarisaixwindowslinux_kernelTivoli Storage Manager
CVE-2022-35720
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.3||LOW
EPSS-0.12% / 2.10%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 18:24
Updated-25 Mar, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling External Authentication Server information disclosure

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-sterling_external_authentication_serverlinux_kernelsterling_secure_proxylinux_on_ibm_zwindowsaixSterling Secure ProxySterling External Authentication Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-34355
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.18% / 7.89%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 20:43
Updated-19 Sep, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Jazz Foundation information disclosure

IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_lifecycle_managementcollaborative_lifecycle_managementEngineering Lifecycle Management
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-30613
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.19% / 8.63%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 17:00
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CVE-2024-45673
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 2.79%
||
7 Day CHG~0.00%
Published-21 Feb, 2025 | 16:45
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Bridge information disclosure

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelsecurity_verify_gateway_for_windows_loginwindowssecurity_verify_bridge_directory_syncsecurity_verify_gateway_for_radiusSecurity Verify Bridge Directory Sync
CWE ID-CWE-260
Password in Configuration File
CVE-2024-49351
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 4.21%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 03:11
Updated-08 Aug, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Workload Scheduler information disclosure

IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-workload_schedulerWorkload Scheduler
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2024-40703
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 3.84%
||
7 Day CHG~0.00%
Published-22 Sep, 2024 | 12:20
Updated-27 Sep, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics information disclosure

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_analyticscognos_analytics_reportsCognos Analytics ReportsCognos Analytics
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-39733
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 4.01%
||
7 Day CHG~0.00%
Published-14 Jul, 2024 | 12:41
Updated-21 Sep, 2024 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Datacap Navigator information disclosure

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972.

Action-Not Available
Vendor-IBM Corporation
Product-datacapDatacap Navigator
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-35139
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.23% / 13.73%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 15:42
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Docker information disclosure

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managerSecurity Verify Access Docker
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2015-5013
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 21.94%
||
7 Day CHG~0.00%
Published-08 Feb, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_manager_9.0security_access_manager_for_mobile_appliancesecurity_access_manager_9.0_firmwaresecurity_access_manager_for_web_8.0_firmwaresecurity_access_manager_for_mobilesecurity_access_manager_for_web_applianceAccess Manager
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-27277
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.12% / 1.91%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 17:07
Updated-14 Feb, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Protect Plus Server information disclosure

The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205.

Action-Not Available
Vendor-IBM Corporation
Product-storage_protect_plusStorage Protect Plus Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-25024
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 2.11%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 02:42
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Suite Software information disclosure

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_suitecloud_pak_for_securityCloud Pak for SecurityQRadar Suite Software
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-25027
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.11% / 1.36%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 11:40
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access Container information disclosure

IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access Docker
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2019-4116
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.36% / 27.33%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 14:30
Updated-16 Sep, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. IBM X-Force ID: 158115.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_privateCloud Private
CVE-2024-25023
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 1.81%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 23:58
Updated-21 Sep, 2024 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Suite Software information disclosure

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityqradar_suiteCloud Pak for SecurityQRadar Suite Software
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-4719
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.32% / 23.23%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 15:25
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelmq_appliancewebsphere_mqhp-uxwindowsmqaixMQ
CVE-2022-35640
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.18% / 7.23%
||
7 Day CHG~0.00%
Published-16 Jul, 2024 | 23:05
Updated-19 Oct, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Partner Engagement Manager information disclosure

IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_partner_engagement_managerSterling Partner Engagement Manager
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2019-4220
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.21% / 11.20%
||
7 Day CHG~0.00%
Published-06 Jun, 2019 | 00:35
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_server_on_cloudwatson_knowledge_catalogInfoSphere Information Server
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-4259
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.35% / 26.92%
||
7 Day CHG~0.00%
Published-13 May, 2019 | 15:55
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found