Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-40703

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-22 Sep, 2024 | 12:20
Updated At-22 Sep, 2024 | 15:27
Rejected At-
Credits

IBM Cognos Analytics information disclosure

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:22 Sep, 2024 | 12:20
Updated At:22 Sep, 2024 | 15:27
Rejected At:
▼CVE Numbering Authority (CNA)
IBM Cognos Analytics information disclosure

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications.

Affected Products
Vendor
IBM CorporationIBM
Product
Cognos Analytics
CPEs
  • cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_analytics_reports:11.0.0.7:*:*:*:*:ios:*:*
Default Status
unaffected
Versions
Affected
  • 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3
Vendor
IBM CorporationIBM
Product
Cognos Analytics Reports
Platforms
  • iOS
Default Status
unaffected
Versions
Affected
  • 11.0.0.7
Problem Types
TypeCWE IDDescription
CWECWE-522CWE-522 Insufficiently Protected Credentials
Type: CWE
CWE ID: CWE-522
Description: CWE-522 Insufficiently Protected Credentials
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7160700
vendor-advisory
https://www.ibm.com/support/pages/node/7168038
vendor-advisory
Hyperlink: https://www.ibm.com/support/pages/node/7160700
Resource:
vendor-advisory
Hyperlink: https://www.ibm.com/support/pages/node/7168038
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:22 Sep, 2024 | 13:15
Updated At:27 Sep, 2024 | 16:49

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>cognos_analytics>>Versions from 11.2.0(inclusive) to 11.2.3(inclusive)
cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>cognos_analytics>>Versions from 12.0.0(inclusive) to 12.0.3(exclusive)
cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>cognos_analytics>>11.2.4
cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:*:*:*:*:*:*
IBM Corporation
ibm
>>cognos_analytics>>12.0.3
cpe:2.3:a:ibm:cognos_analytics:12.0.3:-:*:*:*:*:*:*
IBM Corporation
ibm
>>cognos_analytics>>12.0.3
cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_1:*:*:*:*:*:*
IBM Corporation
ibm
>>cognos_analytics_reports>>11.0.0.7
cpe:2.3:a:ibm:cognos_analytics_reports:11.0.0.7:*:*:*:*:iphone_os:*:*
Weaknesses
CWE IDTypeSource
CWE-522Primarypsirt@us.ibm.com
CWE ID: CWE-522
Type: Primary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7160700psirt@us.ibm.com
Patch
Vendor Advisory
https://www.ibm.com/support/pages/node/7168038psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7160700
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7168038
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

276Records found
CVE-2015-1931
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.89%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 18:42
Updated-06 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.

Action-Not Available
Vendor-n/aRed Hat, Inc.IBM CorporationSUSE
Product-enterprise_linux_serverlinux_enterprise_software_development_kitlinux_enterprise_serverenterprise_linux_workstationenterprise_linux_eussatelliteenterprise_linux_desktopjava_sdkn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-22325
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.82%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 16:15
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853.

Action-Not Available
Vendor-IBM Corporation
Product-mq_for_hpe_nonstopMQ for HPE NonStop
CVE-2021-20435
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.5||LOW
EPSS-0.02% / 3.98%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 17:10
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_bridgeSecurity Verify Bridge
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-22414
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.82%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 16:25
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsrobotic_process_automationRobotic Process Automation
CVE-2022-22484
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 3.15%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 16:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixspectrum_protectwindowslinux_kernelSpectrum Protect Operations Center
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-22321
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 5.18%
||
7 Day CHG~0.00%
Published-01 Mar, 2022 | 16:45
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.

Action-Not Available
Vendor-IBM Corporation
Product-mqMQ Appliance
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-22424
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.07% / 20.80%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 17:35
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-22470
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.01% / 0.47%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 16:39
Updated-10 Apr, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Governance information disclosure

IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_governanceSecurity Verify Governance
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-22367
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.02% / 2.84%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 18:00
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2025-1998
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.14%
||
7 Day CHG-0.01%
Published-27 Mar, 2025 | 14:41
Updated-14 Aug, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure

IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deploydevops_deployUrbanCode DeployDevOps Deploy
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-0985
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.92%
||
7 Day CHG~0.00%
Published-28 Feb, 2025 | 16:21
Updated-26 Aug, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ information disclosure

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-mqMQ
CWE ID-CWE-526
Cleartext Storage of Sensitive Information in an Environment Variable
CVE-2023-38368
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.53%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 18:25
Updated-24 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Docker information disclosure

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managerSecurity Access Manager Docker
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-30430
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.69%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 15:53
Updated-24 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access information disclosure

IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-33842
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.10%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 01:34
Updated-04 Dec, 2024 | 21:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM SPSS Modeler information disclosure

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationIBM Corporation
Product-windowsspss_modelermacosSPSS Modelerspss_modeler
CVE-2021-39000
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 16:45
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-45673
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.52%
||
7 Day CHG~0.00%
Published-21 Feb, 2025 | 16:45
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Bridge information disclosure

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelsecurity_verify_gateway_for_windows_loginwindowssecurity_verify_bridge_directory_syncsecurity_verify_gateway_for_radiusSecurity Verify Bridge Directory Sync
CWE ID-CWE-260
Password in Configuration File
CVE-2021-29906
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.10% / 28.44%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 17:20
Updated-16 Sep, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftapp_connect_enterprise_certified_containerApp Connect Enterprise Certified Container
CVE-2020-4891
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 9.91%
||
7 Day CHG~0.00%
Published-16 Mar, 2021 | 13:55
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2024-49817
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.50%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 17:34
Updated-07 Jan, 2025 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Key Lifecycle Manager information disclosure

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_key_lifecycle_managerSecurity Guardium Key Lifecycle Manager
CWE ID-CWE-260
Password in Configuration File
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1764
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7||HIGH
EPSS-0.04% / 8.82%
||
7 Day CHG~0.00%
Published-23 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_business_intelligenceCognos Business Intelligence
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1779
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.89%
||
7 Day CHG~0.00%
Published-29 Jan, 2018 | 16:00
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1201
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.82%
||
7 Day CHG~0.00%
Published-05 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676.

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_security_compliance_analyticsBigFix Compliance Analytics
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-4138
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.29% / 51.67%
||
7 Day CHG~0.00%
Published-29 May, 2019 | 15:10
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 158334.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_controlSpectrum Control Standard Edition
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-4385
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 21.10%
||
7 Day CHG~0.00%
Published-19 Jun, 2019 | 13:30
Updated-16 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-39046
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 15:40
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_process_managerBusiness Process ManagerBusiness Automation Workflow
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-4724
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.36% / 57.06%
||
7 Day CHG~0.00%
Published-31 May, 2021 | 15:10
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-4508
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 25.75%
||
7 Day CHG~0.00%
Published-10 Jan, 2020 | 15:35
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. IBM X-Force ID: 164429.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-41771
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 15:29
Updated-07 Mar, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Requirements Management DOORS Next information disclosure

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_requirements_management_doors_nextEngineering Requirements Management DOORS Next
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1411
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 42.58%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 14:00
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_governance_and_intelligenceSecurity Identity Governance and Intelligence
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-29811
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.19% / 41.30%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 16:45
Updated-17 Sep, 2024 | 03:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user. IBM X-Force ID: 204329.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/omnibus_webguiTivoli Netcool/OMNIbus
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-31899
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 9.93%
||
7 Day CHG~0.00%
Published-26 Sep, 2024 | 13:34
Updated-07 Jan, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Command Center information disclosure

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_command_centerCognos Command Center
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-4723
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.36% / 57.06%
||
7 Day CHG~0.00%
Published-31 May, 2021 | 15:10
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1337
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.28% / 51.09%
||
7 Day CHG~0.00%
Published-10 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_mqMQ
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1378
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.82%
||
7 Day CHG~0.00%
Published-05 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_storage_managerSpectrum Protect for Virtual Environments
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-3800
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 42.79%
||
7 Day CHG~0.00%
Published-05 Aug, 2019 | 16:38
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CF CLI writes the client id and secret to config file

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

Action-Not Available
Vendor-solaceappdynamicsnewrelicsynopsysyugabyteanyninesapigeepagerdutywavefrontsnykbluemedoradatadoghqsumologicdatastaxsignalsciencescontrastsecuritycyberarkdynatraceriverbedSplunk LLC (Cisco Systems, Inc.)TIBCO (Cloud Software Group, Inc.)IBM CorporationCloud FoundryGoogle LLCVMware (Broadcom Inc.)SambaMicrosoft CorporationForgeRock, Inc.
Product-single_sign-onedge_service_brokercloud_foundry_command_line_interfaceenterprise_service_brokerbusinessworks_buildpacklogmeservice_brokercloud_foundry_autoscaling_releaseconjur_service_brokerdb_enterpriseseeker_iast_service_brokerapplication_servicecloud_foundry_log_cache_releasemongodbgoogle_cloud_platform_service_brokercloud_foundry_command_line_interface_releasesteelcentral_appinternalscloud_foundry_deployment_concourse_tasksapplication_monitoringpostgresqlcloud_foundry_networking_releaseon_demand_service_brokercloud_foundry_deploymentpivotal_cloud_foundry_service_brokercloud_foundry_event_alertspubsub\+rabbitmqdotnet_extension_buildpackwavefront_by_vmware_nozzlecloud_foundry_healthwatchnozzleazure_log_analytics_nozzlerediselasticsearchapplication_performance_monitoringcloud_foundry_routing_releasecloud_foundry_smoke_testwebsphere_liberty_volume_servicemetric_registrar_releasecloud_foundry_notificationsapplication_analyticscredhub_service_broker_for_pcfplatform_montioringazure_service_brokermysqlCF CLICF CLI Release
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1362
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.85%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_managerSecurity Identity Manager
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-4697
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.13%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 19:00
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 171938.

Action-Not Available
Vendor-IBM Corporation
Product-guardium_data_encryptionguardium_for_cloud_key_managementSecurity Guardium Data Encryption
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-33093
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.84%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 11:04
Updated-28 Aug, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Partner Engagement Manager information disclosure

IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_partner_engagement_managerSterling Partner Engagement Manager
CWE ID-CWE-260
Password in Configuration File
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-4059
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.96%
||
7 Day CHG~0.00%
Published-15 Feb, 2019 | 20:00
Updated-17 Sep, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.

Action-Not Available
Vendor-IBM Corporation
Product-rational_clearcaseRational ClearCase
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1231
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.27%
||
7 Day CHG~0.00%
Published-12 Oct, 2018 | 05:00
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_platformBigFix Platform
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1207
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.58%
||
7 Day CHG~0.00%
Published-05 Jul, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_message_brokerintegration_busIntegration Bus
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-4693
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.02% / 3.32%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 19:00
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 171831.

Action-Not Available
Vendor-IBM Corporation
Product-guardium_data_encryptionguardium_for_cloud_key_managementSecurity Guardium Data Encryption
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-20410
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.95%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 16:35
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-20389
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 13:55
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-40704
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 27.77%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 16:44
Updated-15 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-47741
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.67%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 19:09
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i information disclosure

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.

Action-Not Available
Vendor-IBM Corporation
Product-db2_mirror_for_iiDb2 Mirror for ii
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-50310
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.04% / 10.46%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 10:55
Updated-05 Nov, 2024 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS Transaction Gateway for Multiplatforms information disclosure

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Action-Not Available
Vendor-IBM Corporation
Product-cics_transaction_gatewayCICS Transaction Gateway for Multiplatforms
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-4913
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 12.14%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 14:00
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_systemCloud Pak System
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-50311
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.03% / 5.75%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 12:00
Updated-23 Oct, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS Transaction Gateway for Multiplatforms information disclosure

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages.

Action-Not Available
Vendor-IBM Corporation
Product-cics_transaction_gatewayCICS Transaction Gateway for Multiplatforms
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-22862
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 20.16%
||
7 Day CHG~0.00%
Published-04 Jun, 2023 | 23:42
Updated-08 Jan, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera information disclosure

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_cargoaspera_connectAspera ConnectAspera Cargo
CWE ID-CWE-523
Unprotected Transport of Credentials
CWE ID-CWE-522
Insufficiently Protected Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found