Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-31892

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-14 Dec, 2024 | 12:58
Updated At-16 Dec, 2024 | 17:05
Rejected At-
Credits

IBM Storage Scale SQL injection

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:14 Dec, 2024 | 12:58
Updated At:16 Dec, 2024 | 17:05
Rejected At:
â–¼CVE Numbering Authority (CNA)
IBM Storage Scale SQL injection

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.

Affected Products
Vendor
IBM CorporationIBM
Product
Storage Scale
CPEs
  • cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.1.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.1.1:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 5.1.9.0 through 5.1.9.6 (semver)
  • From 5.2.0.0 through 5.2.1.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7178098
vendor-advisory
Hyperlink: https://www.ibm.com/support/pages/node/7178098
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:14 Dec, 2024 | 13:15
Updated At:14 Dec, 2024 | 13:15

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-89Primarypsirt@us.ibm.com
CWE ID: CWE-89
Type: Primary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7178098psirt@us.ibm.com
N/A
Hyperlink: https://www.ibm.com/support/pages/node/7178098
Source: psirt@us.ibm.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

82Records found
CVE-2024-35124
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.24%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 11:14
Updated-22 Aug, 2024 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM OpenBMC authentication bypass

A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.

Action-Not Available
Vendor-IBM Corporation
Product-openbmcOpenBMC
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-31872
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.34%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 15:51
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access Appliance missing certificate validation

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access Appliancesecurity_verify_access
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-31871
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.34%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 15:55
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access Appliance improper certificate validation

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access Appliancesecurity_verify_access
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-42438
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.32%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 18:59
Updated-25 Mar, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cloud Pak for Multicloud Management Monitoring privilege escalation

IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-cloud_pak_for_multicloud_management_monitoringlinux_kernelCloud Pak for Multicloud Management Monitoring
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2021-39085
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 45.35%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 18:45
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 215888.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelhp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-23470
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.29% / 52.73%
||
7 Day CHG-0.07%
Published-04 May, 2023 | 13:32
Updated-29 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i privilege escalation

IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-52360
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.6||HIGH
EPSS-0.13% / 31.93%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 19:31
Updated-18 Jul, 2025 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software SQL injection

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert Software
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3346
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 8.71%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 21:06
Updated-11 May, 2026 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw

IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Action-Not Available
Vendor-langflowIBM Corporation
Product-langflow_desktopLangflow Desktop
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-29730
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.27% / 50.32%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 16:55
Updated-16 Sep, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-29903
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.36% / 58.16%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:10
Updated-16 Sep, 2024 | 23:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-29798
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.36% / 58.16%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:10
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-sterling_b2b_integratoraixwindowslinux_kernelSterling B2B Integrator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-41767
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.11% / 28.99%
||
7 Day CHG~0.00%
Published-04 Jan, 2025 | 14:27
Updated-21 Mar, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Lifecycle Optimization - Publishing SQL injection

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelengineering_lifecycle_optimization_publishingwindowsEngineering Lifecycle Optimization Publishing
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-40689
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.14% / 33.46%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 13:27
Updated-19 Oct, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server SQL injection

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_server_on_cloudinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-35148
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.17% / 38.24%
||
7 Day CHG~0.00%
Published-25 Jan, 2025 | 14:28
Updated-08 Jul, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Application Suite SQL injection

IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_application_suiteMaximo Application Suite
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13379
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.6||HIGH
EPSS-0.05% / 14.96%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 13:30
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A SQL Injection vulnerability has been addressed in IBM Aspera Console

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_consoleAspera Console
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-1670
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 71.67%
||
7 Day CHG~0.00%
Published-09 Jan, 2018 | 20:00
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-1699
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.47% / 64.64%
||
7 Day CHG~0.00%
Published-24 Aug, 2018 | 11:00
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-1356
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.57% / 68.90%
||
7 Day CHG~0.00%
Published-07 Dec, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683.

Action-Not Available
Vendor-IBM Corporation
Product-atlas_ediscovery_process_managementAtlas eDiscovery Process Management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-1311
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.61% / 70.12%
||
7 Day CHG~0.00%
Published-02 Oct, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.

Action-Not Available
Vendor-IBM Corporation
Product-insights_foundation_for_energyInsights Foundation for Energy
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-1347
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.61% / 70.12%
||
7 Day CHG~0.00%
Published-23 Jun, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-1269
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 71.67%
||
7 Day CHG~0.00%
Published-05 Jul, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-1174
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.61% / 70.12%
||
7 Day CHG~0.00%
Published-10 Aug, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-1175
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 71.67%
||
7 Day CHG~0.00%
Published-05 Jul, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-22495
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 16:20
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13214
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.6||HIGH
EPSS-0.06% / 19.42%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 19:49
Updated-15 Dec, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Orchestrator SQL Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-aspera_orchestratorlinux_kernelAspera Orchestrator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-22338
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.48% / 65.34%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 17:41
Updated-10 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator Standard Edition SQL injection

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator Standard Edition
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-22413
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.26% / 49.44%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 15:30
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 223022.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automationRobotic Process Automation
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-43860
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 26.21%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 20:53
Updated-15 Apr, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Navigator for i SQL injection

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.

Action-Not Available
Vendor-IBM Corporation
Product-iNavigator for i
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-43842
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.6||HIGH
EPSS-0.03% / 9.97%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 18:47
Updated-31 Dec, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Console SQL injection

IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kernelaspera_consoleAspera Consoleaspera_console
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-41731
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.6||HIGH
EPSS-0.46% / 64.28%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 20:09
Updated-25 Mar, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson Knowledge Catalog on Cloud Pak SQL injection

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402.

Action-Not Available
Vendor-IBM CorporationRed Hat, Inc.
Product-watson_knowledge_catalog_on_cloud_pak_for_dataopenshiftWatson Knowledge Catalog on-prem
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31768
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 28.99%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 16:20
Updated-16 Sep, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-1414
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.61% / 70.12%
||
7 Day CHG~0.00%
Published-22 Feb, 2018 | 19:00
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_management_essentialsmaximo_asset_managementMaximo Asset Management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-40615
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.44% / 63.51%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 16:48
Updated-08 Apr, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Partner Engagement Manager SQL injection

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-sterling_partner_engagement_managerlinux_kernelSterling Partner Engagement Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-22463
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 47.98%
||
7 Day CHG~0.00%
Published-08 Jul, 2022 | 17:45
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-3336
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.46% / 64.08%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 15:39
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-infosphere_guardiumlinux_kernelInfoSphere Guardium
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-1757
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-1.07% / 78.00%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-22389
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 67.40%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 16:45
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.

Action-Not Available
Vendor-opengroupIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsunixdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50316
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.18% / 38.66%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 00:22
Updated-28 Jan, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator information disclosure

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Action-Not Available
Vendor-IBM Corporation
Product-Sterling B2B Integrator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-1674
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 51.23%
||
7 Day CHG~0.00%
Published-20 Sep, 2018 | 15:00
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_process_managerBusiness Process Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-4990
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.6||HIGH
EPSS-0.54% / 67.79%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 13:55
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-4921
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.6||HIGH
EPSS-0.53% / 67.18%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 15:00
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-4655
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.36% / 58.41%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 16:40
Updated-16 Sep, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-4328
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 43.11%
||
7 Day CHG~0.00%
Published-03 Aug, 2020 | 12:35
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_manager_for_multiplatformFinancial Transaction Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-4902
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.37% / 59.08%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 15:40
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsdatacap_navigatorDatacap Navigator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-4647
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.36% / 58.41%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 16:40
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_file_gatewaySterling File Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-20451
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.07% / 21.82%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 18:16
Updated-07 Jan, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller SQL injection

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controllercognos_controller
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-4147
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.41% / 61.67%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 18:55
Updated-16 Sep, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_file_gatewaySterling File Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-38724
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.13% / 32.30%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 17:36
Updated-14 Jan, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller SQL injection

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controllercognos_controller
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-4345
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.05% / 16.72%
||
7 Day CHG~0.00%
Published-17 May, 2020 | 14:00
Updated-16 Sep, 2024 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-36368
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.65%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 19:35
Updated-20 Mar, 2026 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator and IBM Sterling File Gateway SQL Injection

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorsterling_file_gatewaySterling B2B Integrator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • Next
Details not found