Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-38325

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-27 Jan, 2025 | 15:27
Updated At-27 Jan, 2025 | 15:40
Rejected At-
Credits

IBM Storage Defender information disclosure

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:27 Jan, 2025 | 15:27
Updated At:27 Jan, 2025 | 15:40
Rejected At:
▼CVE Numbering Authority (CNA)
IBM Storage Defender information disclosure

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Affected Products
Vendor
IBM CorporationIBM
Product
Storage Defender - Resiliency Service
CPEs
  • cpe:2.3:a:ibm:storage_defender_resiliency_service:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_defender_resiliency_service:2.0.7:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2.0.0 through 2.0.7 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-311CWE-311 Missing Encryption of Sensitive Data
Type: CWE
CWE ID: CWE-311
Description: CWE-311 Missing Encryption of Sensitive Data
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7168640
N/A
Hyperlink: https://www.ibm.com/support/pages/node/7168640
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:27 Jan, 2025 | 16:15
Updated At:14 Aug, 2025 | 19:10

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>storage_defender>>Versions from 2.0.0(inclusive) to 2.0.8(exclusive)
cpe:2.3:a:ibm:storage_defender:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-311Primarypsirt@us.ibm.com
CWE ID: CWE-311
Type: Primary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7168640psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7168640
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

490Records found
CVE-2022-22401
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 5.21%
||
7 Day CHG~0.00%
Published-08 Sep, 2023 | 21:21
Updated-25 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex information disclosure

IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-aspera_faspexlinux_kernelAspera Faspex
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2022-22386
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 5.38%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 01:08
Updated-13 Sep, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Privilege information disclosure

IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221963.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationIBM Corporation
Product-security_verify_privilege_on-premisesmacoswindowsSecurity Verify Privilege
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2023-35888
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 5.44%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 13:25
Updated-27 Jan, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Governance information disclosure

IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_governanceSecurity Verify Governancesecurity_verify_governance
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2022-22405
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.80%
||
7 Day CHG~0.00%
Published-08 Sep, 2023 | 20:12
Updated-26 Sep, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex information disclosure

IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-aspera_faspexlinux_kernelAspera Faspex
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2024-41757
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 22.46%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 15:14
Updated-29 Sep, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software information disclosure

IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert Software
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-39090
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.01% / 3.02%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 02:35
Updated-31 Dec, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cloud Pak for Security information disclosure

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-cloud_pak_for_securitylinux_kernelCloud Pak for Security
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-36062
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.72%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 18:09
Updated-18 Aug, 2025 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics Mobile (iOS) information disclosure

IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_analytics_mobileCognos Analytics Mobile
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2025-33020
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 4.88%
||
7 Day CHG~0.00%
Published-23 Jul, 2025 | 14:47
Updated-18 Aug, 2025 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Systems Design Rhapsody information disclosure

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_systems_design_rhapsodyEngineering Systems Design Rhapsody
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2022-33161
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.93%
||
7 Day CHG~0.00%
Published-14 Oct, 2023 | 14:14
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Server information disclosure

IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_directorysecurity_directory_suitesecurity_directory_integratorsecurity_directory_serverSecurity Directory Server
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2023-33837
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.02% / 5.13%
||
7 Day CHG~0.00%
Published-23 Oct, 2023 | 19:47
Updated-19 Sep, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Governance information disclosure

IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_governanceSecurity Verify Governance
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2023-42019
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-01 Dec, 2023 | 21:01
Updated-02 Aug, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2018-1501
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.79%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 19:00
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-1546
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 43.02%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM API Connect information disclosure

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1545
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 28.43%
||
7 Day CHG~0.00%
Published-26 Sep, 2018 | 15:00
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.

Action-Not Available
Vendor-IBM CorporationApple Inc.
Product-spectrum_protect_clientmacosspectrum_protect_for_virtual_environmentsSpectrum Protect
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-39745
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 18.65%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 11:06
Updated-13 Mar, 2026 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Connect:Direct Web Services information disclosure

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixsterling_connect_direct_web_serviceswindowslinux_kernelSterling Connect:Direct Web Services
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-43917
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 17:17
Updated-31 Mar, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.

Action-Not Available
Vendor-Oracle CorporationHP Inc.Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-27903
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.54%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 19:32
Updated-26 Feb, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-db2_recovery_expertDB2 Recovery Expert for LUW
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-39732
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-14 Jul, 2024 | 12:39
Updated-18 Sep, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Datacap Navigator information disclosure

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791.

Action-Not Available
Vendor-IBM Corporation
Product-datacapDatacap Navigator
CWE ID-CWE-316
Cleartext Storage of Sensitive Information in Memory
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-39746
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 6.46%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 10:29
Updated-31 Oct, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Connect:Direct Web Services information disclosure

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-sterling_connect_direct_web_serviceslinux_kernelaixwindowsSterling Connect:Direct Web Services
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-4898
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 17:40
Updated-16 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.

Action-Not Available
Vendor-IBM Corporation
Product-emptoris_strategic_supply_managementEmptoris Strategic Supply Management
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4893
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 32.05%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 17:40
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.

Action-Not Available
Vendor-IBM Corporation
Product-emptoris_strategic_supply_managementEmptoris Strategic Supply Management
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-4905
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 47.35%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 20:35
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to obtain sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_manager_for_multiplatformFinancial Transaction Manager
CVE-2020-4778
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 26.47%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:05
Updated-17 Sep, 2024 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156.

Action-Not Available
Vendor-IBM Corporation
Product-curam_social_program_managementCuram SPM
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-22452
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.10%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 17:40
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 224918.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_governancelinux_kernelSecurity Verify Governance
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-4831
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 16:40
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateway
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4970
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.10%
||
7 Day CHG~0.00%
Published-19 May, 2022 | 16:05
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_managerSecurity Identity Governance and Intelligence
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-4841
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.26% / 49.27%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 18:05
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 190045.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_secret_serverSecurity Secret Server
CWE ID-CWE-862
Missing Authorization
CVE-2020-4254
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 16:40
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_big_data_intelligenceSecurity Guardium Big Data Intelligence
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4232
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.79%
||
7 Day CHG~0.00%
Published-28 May, 2020 | 14:45
Updated-16 Sep, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_governance_and_intelligenceSecurity Identity Governance and Intelligence
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-4476
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.42%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 16:40
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_file_gatewaySterling File Gateway
CVE-2020-4175
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.30% / 53.17%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 12:40
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_insightsSecurity Guardium Insights
CWE ID-CWE-862
Missing Authorization
CVE-2020-4174
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 12:40
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_insightsSecurity Guardium Insights
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4452
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 13:30
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4595
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:10
Updated-16 Sep, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4350
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-27 May, 2020 | 13:15
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4622
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 19.25%
||
7 Day CHG~0.00%
Published-22 Sep, 2020 | 13:55
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-4152
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 26.24%
||
7 Day CHG~0.00%
Published-08 Nov, 2021 | 16:50
Updated-16 Sep, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_network_securityQRadar Network Security
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-4594
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:10
Updated-16 Sep, 2024 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4643
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 57.01%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 17:10
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2020-4497
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 21:50
Updated-17 Apr, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Protect Plus information disclosure

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-4413
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.25% / 47.97%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 14:10
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 179988.

Action-Not Available
Vendor-IBM Corporation
Product-security_secret_serverSecurity Secret Server
CWE ID-CWE-862
Missing Authorization
CVE-2020-4494
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.02%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 13:25
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowsspectrum_protect_clientspectrum_protect_for_space_managementaixSpectrum Protect for Space Management (Linux)Spectrum Protect Client (AIX)Spectrum Protect for Space Management (AIX)Spectrum Protect Client (Linux and Windows)
CWE ID-CWE-287
Improper Authentication
CVE-2020-4449
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 68.77%
||
7 Day CHG~0.00%
Published-05 Jun, 2020 | 12:55
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-4269
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.46%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-16 Sep, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-ForceID: 175845.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadarQradar
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-4160
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 37.65%
||
7 Day CHG~0.00%
Published-08 Nov, 2021 | 16:50
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174340.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_network_securityQRadar Network Security
CVE-2020-4596
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:10
Updated-17 Sep, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4277
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.31%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 13:25
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. IBM X-Force ID: 175993.

Action-Not Available
Vendor-IBM Corporation
Product-tririga_application_platformTRIRIGA Application Platform
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4397
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 23.86%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 20:30
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428.

Action-Not Available
Vendor-IBM Corporation
Product-verify_gatewayVerify Gateway (IVG)
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-4565
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 47.04%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 13:45
Updated-17 Sep, 2024 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4584
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.19% / 41.08%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 13:50
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574.

Action-Not Available
Vendor-IBM Corporation
Product-i2_ibasei2 iBase
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found