Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-0160

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-28 Feb, 2025 | 19:02
Updated At-28 Feb, 2025 | 19:50
Rejected At-
Credits

IBM FlashSystem code execution

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:28 Feb, 2025 | 19:02
Updated At:28 Feb, 2025 | 19:50
Rejected At:
▼CVE Numbering Authority (CNA)
IBM FlashSystem code execution

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.

Affected Products
Vendor
IBM CorporationIBM
Product
Storage Virtualize
CPEs
  • cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 8.5.0.0 through 8.5.0.13 (semver)
  • 8.5.1.0
  • From 8.5.2.0 through 8.5.2.3 (semver)
  • From 8.5.3.0 through 8.5.3.1 (semver)
  • 8.5.4.0
  • From 8.6.0.0 through 8.6.0.5 (semver)
  • 8.6.1.0
  • From 8.6.2.0 through 8.6.2.1 (semver)
  • 8.6.3.0
  • 8.7.1.0
  • From 8.7.2.0 through 8.7.2.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-114CWE-114 Process Control
Type: CWE
CWE ID: CWE-114
Description: CWE-114 Process Control
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7184182
vendor-advisory
Hyperlink: https://www.ibm.com/support/pages/node/7184182
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:28 Feb, 2025 | 19:15
Updated At:18 Aug, 2025 | 18:21

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
IBM Corporation
ibm
>>storage_virtualize>>Versions from 8.5(inclusive) to 8.5.0.14(exclusive)
cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>Versions from 8.5.2.0(inclusive) to 8.5.2.3(inclusive)
cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>Versions from 8.6.0.0(inclusive) to 8.6.0.6(exclusive)
cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>Versions from 8.7.0.0(inclusive) to 8.7.0.3(exclusive)
cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>8.5.1.0
cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>8.5.3.0
cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>8.5.3.1
cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>8.5.4.0
cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>8.6.1.0
cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>8.6.2.0
cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>8.6.2.1
cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>8.6.3.0
cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>8.7.1.0
cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>8.7.2.0
cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>storage_virtualize>>8.7.2.1
cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-114Primarypsirt@us.ibm.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-114
Type: Primary
Source: psirt@us.ibm.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7184182psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7184182
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

171Records found
CVE-2021-20418
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.14% / 35.07%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 15:55
Updated-16 Sep, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-521
Weak Password Requirements
CVE-2020-9411
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-10||CRITICAL
EPSS-0.39% / 58.91%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 17:00
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Managed File Transfer Platform Server for IBM i Authentication Bypass

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option 'Require Node Resp' is set to 'No'. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)IBM Corporation
Product-managed_file_transfer_platform_serveriTIBCO Managed File Transfer Platform Server for IBM i
CVE-2020-9412
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-10||CRITICAL
EPSS-0.78% / 72.71%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 17:00
Updated-17 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)IBM Corporation
Product-managed_file_transfer_platform_serveriTIBCO Managed File Transfer Platform Server for IBM i
CVE-2023-43040
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.61% / 89.96%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 02:18
Updated-14 Aug, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Fusion HCI improper access control

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

Action-Not Available
Vendor-IBM Corporation
Product-storage_fusion_hciSpectrum Fusion HCIspectrum_fusion_hci
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CVE-2023-43058
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 13.41%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 13:09
Updated-19 Sep, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation privilege escalation

IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftrobotic_process_automationrobotic_process_automation_for_cloud_pakRobotic Process Automation
CVE-2023-42017
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8||HIGH
EPSS-0.09% / 26.90%
||
7 Day CHG~0.00%
Published-22 Dec, 2023 | 16:02
Updated-02 Aug, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Planning Analytics file upload

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-40691
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8||HIGH
EPSS-0.10% / 27.34%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 16:41
Updated-11 Dec, 2024 | 03:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller file upload

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controller
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-50940
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.78%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 01:05
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM PowerSC cross-resource origin sharing

IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.

Action-Not Available
Vendor-IBM Corporation
Product-powerscPowerSCpowersc
CWE ID-CWE-942
Permissive Cross-domain Policy with Untrusted Domains
CWE ID-CWE-697
Incorrect Comparison
CVE-2023-50948
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.88%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 01:43
Updated-03 Jun, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Fusion HCI information disclosure

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671.

Action-Not Available
Vendor-IBM Corporation
Product-storage_fusion_hciStorage Fusion HCI
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-40689
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.17% / 38.85%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 13:27
Updated-19 Oct, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server SQL injection

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_server_on_cloudinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-33836
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.77%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:26
Updated-16 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Governance information disclosure

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_governanceSecurity Verify Governance
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-32333
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.57%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 01:55
Updated-02 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Asset Management improper access control

IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Managementmaximo_asset_management
CWE ID-CWE-284
Improper Access Control
CVE-2023-32328
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 5.61%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 16:07
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access information disclosure

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access ApplianceSecurity Verify Access Docker
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-32330
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.71%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 16:09
Updated-02 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access man in the middle

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access ApplianceSecurity Verify Access Docker
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-27866
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.29% / 52.34%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 15:41
Updated-28 Oct, 2024 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Informix JDBC code execution

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511.

Action-Not Available
Vendor-IBM Corporation
Product-informix_jdbc_driverInformix JDBC
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-27284
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 24.67%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 20:07
Updated-18 Feb, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera code execution

IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_cargoaspera_connectAspera
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-4958
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.47% / 63.57%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 14:00
Updated-17 Sep, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 192209.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_governance_and_intelligenceSecurity Identity Governance and Intelligence
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-4450
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-76.78% / 98.91%
||
7 Day CHG~0.00%
Published-05 Jun, 2020 | 12:55
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-4879
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.91% / 74.82%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 17:20
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowscognos_controllerCognos Controller
CWE ID-CWE-287
Improper Authentication
CVE-2020-4567
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.6||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG~0.00%
Published-29 Jul, 2020 | 14:05
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 184156.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-4589
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-6.77% / 90.92%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 11:50
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-4427
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9||CRITICAL
EPSS-51.01% / 97.78%
||
7 Day CHG~0.00%
Published-07 May, 2020 | 19:20
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk ManagerData Risk Manager
CWE ID-CWE-287
Improper Authentication
CVE-2020-4150
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 17.89%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 17:05
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142.

Action-Not Available
Vendor-IBM Corporation
Product-security_siteprotector_systemSecurity SiteProtector System
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-4210
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-28.95% / 96.39%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 15:35
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175020.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_protectlinux_kernelSpectrum Protect Plus
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-4469
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-46.36% / 97.57%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 13:25
Updated-16 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-4499
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.38% / 58.78%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 12:40
Updated-17 Sep, 2024 | 04:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managersecurity_verify_accessSecurity Verify AccessSecurity Access Manager
CVE-2020-4459
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.81%
||
7 Day CHG~0.00%
Published-04 Aug, 2020 | 16:00
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395.

Action-Not Available
Vendor-IBM Corporation
Product-security_secret_serverSecurity Secret Server
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-4988
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.61% / 68.93%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 17:50
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706.

Action-Not Available
Vendor-LoopbackIBM Corporation
Product-loopbackLoopback
CVE-2020-4690
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.81%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 16:05
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-4493
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 69.20%
||
7 Day CHG~0.00%
Published-05 Oct, 2020 | 13:25
Updated-17 Sep, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CVE-2020-4216
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.13%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 13:25
Updated-16 Sep, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-38945
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.33% / 55.10%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 15:35
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-27286
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 20:07
Updated-18 Feb, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera code execution

IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_cargoaspera_connectAspera
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-25684
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.40%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 16:13
Updated-26 Feb, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Key Lifecycle Manager SQL injection

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-47986
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.34% / 99.95%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 15:46
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-03-14||Apply updates per vendor instructions.
IBM Aspera Faspex code execution

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kernelaspera_faspexAspera FaspexAspera Faspex
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-1457
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.46% / 63.21%
||
7 Day CHG~0.00%
Published-27 Jun, 2018 | 18:00
Updated-05 Feb, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-engineering_requirements_management_doorswindowslinux_kernelRational DOORS
CVE-2022-47984
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 18.22%
||
7 Day CHG~0.00%
Published-19 May, 2023 | 15:56
Updated-12 Feb, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server SQL injection

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-4211
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-51.55% / 97.80%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 15:35
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_protectlinux_kernelSpectrum Protect Plus
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-6087
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.43% / 79.88%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.

Action-Not Available
Vendor-IBM Corporation
Product-dominoDomino
CWE ID-CWE-20
Improper Input Validation
CVE-2020-4415
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-24.57% / 95.91%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 13:10
Updated-17 Sep, 2024 | 00:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protectSpectrum Protect
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6090
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.01% / 76.13%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_commerceWebSphere Commerce Enterprise
CVE-2020-4222
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-28.95% / 96.39%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 15:35
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175091.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protectSpectrum Protect Plus
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-4821
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 46.73%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 16:50
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_change_data_captureinfosphere_data_replicationInfoSphere Data ReplicationInfoSphere Change Data Capture for z/OS
CWE ID-CWE-287
Improper Authentication
CVE-2020-4429
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-10||CRITICAL
EPSS-38.29% / 97.13%
||
7 Day CHG~0.00%
Published-07 May, 2020 | 19:20
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-4854
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 46.16%
||
7 Day CHG~0.00%
Published-23 Nov, 2020 | 16:55
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelspectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-23622
Matching Score-8
Assigner-Exodus Intelligence
ShareView Details
Matching Score-8
Assigner-Exodus Intelligence
CVSS Score-10||CRITICAL
EPSS-0.95% / 75.36%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:36
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Merge Healthcare eFilm Workstation License Server CopySLS_Request3 Buffer Overflow

A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges.

Action-Not Available
Vendor-IBM Corporation
Product-merge_efilm_workstationeFilm Workstation
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23621
Matching Score-8
Assigner-Exodus Intelligence
ShareView Details
Matching Score-8
Assigner-Exodus Intelligence
CVSS Score-10||CRITICAL
EPSS-0.94% / 75.30%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:36
Updated-03 Jun, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Merge Healthcare eFilm Workstation License Server Buffer Overflow

A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.

Action-Not Available
Vendor-IBM Corporation
Product-merge_efilm_workstationeFilm Workstation
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-22320
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-92.23% / 99.71%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 02:16
Updated-07 May, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Operational Decision Manager code execution

IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.

Action-Not Available
Vendor-IBM Corporation
Product-operational_decision_managerOperational Decision Manageroperational_decision_manager
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-22330
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 13.40%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 01:08
Updated-24 Aug, 2025 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Governance information disclosure

IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_governanceSecurity Verify Governance
CWE ID-CWE-521
Weak Password Requirements
CVE-2022-41731
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.6||HIGH
EPSS-0.07% / 22.17%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 20:09
Updated-25 Mar, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson Knowledge Catalog on Cloud Pak SQL injection

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402.

Action-Not Available
Vendor-IBM CorporationRed Hat, Inc.
Product-watson_knowledge_catalog_on_cloud_pak_for_dataopenshiftWatson Knowledge Catalog on-prem
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found