Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-1759

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-18 Aug, 2025 | 13:58
Updated At-18 Aug, 2025 | 14:13
Rejected At-
Credits

IBM Concert Software information disclosure

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:18 Aug, 2025 | 13:58
Updated At:18 Aug, 2025 | 14:13
Rejected At:
▼CVE Numbering Authority (CNA)
IBM Concert Software information disclosure

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Affected Products
Vendor
IBM CorporationIBM
Product
Concert Software
CPEs
  • cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:concert:1.0.1:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 1.0.0 through 1.1.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-244CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Type: CWE
CWE ID: CWE-244
Description: CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7242354
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7242354
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:18 Aug, 2025 | 14:15
Updated At:21 Aug, 2025 | 20:09

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>concert>>Versions from 1.0.0(inclusive) to 2.0.0(exclusive)
cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-244Primarypsirt@us.ibm.com
CWE-212Primarynvd@nist.gov
CWE ID: CWE-244
Type: Primary
Source: psirt@us.ibm.com
CWE ID: CWE-212
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7242354psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7242354
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

434Records found
CVE-2025-1721
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.66%
||
7 Day CHG~0.00%
Published-26 Dec, 2025 | 12:55
Updated-29 Dec, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BM Concert Software Improper Clearing of Heap Memory Before Release.

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert
CWE ID-CWE-244
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CVE-2025-36118
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.09%
||
7 Day CHG-0.03%
Published-17 Nov, 2025 | 20:47
Updated-08 Dec, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Virtualize Information Disclosure

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.

Action-Not Available
Vendor-IBM Corporation
Product-storage_virtualizeStorage Virtualize
CWE ID-CWE-244
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CVE-2025-33101
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.42%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 19:03
Updated-06 Mar, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in IBM Concert Software.

IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert
CWE ID-CWE-244
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CVE-2025-1722
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.66%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 15:02
Updated-26 Jan, 2026 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert
CWE ID-CWE-244
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CVE-2025-1719
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.66%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 15:01
Updated-26 Jan, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert
CWE ID-CWE-244
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CVE-2025-27903
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.01% / 3.07%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 19:32
Updated-26 Feb, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-db2_recovery_expertDB2 Recovery Expert for LUW
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-43927
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 33.34%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 16:51
Updated-18 Mar, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows information disclosure

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.

Action-Not Available
Vendor-IBM CorporationHP Inc.Microsoft CorporationOracle CorporationLinux Kernel Organization, Inc
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-43904
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.43%
||
7 Day CHG~0.00%
Published-27 Aug, 2023 | 23:08
Updated-01 Oct, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium information disclosure

IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardiumsecurity_guardium
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-43930
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.10% / 26.52%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 17:04
Updated-12 Mar, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows information disclosure

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677.

Action-Not Available
Vendor-IBM CorporationMicrosoft Corporation
Product-windowsdb2Db2 for Linux, UNIX and Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-43890
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.67%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 15:52
Updated-08 May, 2025 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Privilege On-Premises information disclosure

IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_privilege_on-premisesSecurity Verify Privilege On-Premisessecurity_verify_privilege_on-premises
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-43917
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.64%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 17:17
Updated-31 Mar, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.

Action-Not Available
Vendor-Oracle CorporationHP Inc.Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29747
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.49% / 65.69%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 17:10
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. IBM X-Force ID: 201775.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CVE-2022-43851
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 35.05%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 20:39
Updated-15 Aug, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Console information disclosure

IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aspera_consolewindowslinux_kernelAspera Console
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-43864
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.92% / 75.98%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 18:07
Updated-31 Mar, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Business Automation Workflow information disclosure

IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_monitorBusiness Monitor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-43843
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.05%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 00:41
Updated-03 Aug, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Scale information disclosure

IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-41734
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.50%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 17:38
Updated-12 Mar, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Asset Management information disclosure

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_application_suitemaximo_asset_managementMaximo Asset Management
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-40234
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 36.15%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 17:25
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-40608
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.70% / 71.98%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 17:25
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-39168
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.21% / 42.70%
||
7 Day CHG~0.00%
Published-29 Sep, 2022 | 15:40
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automation_for_servicesrobotic_process_automationrobotic_process_automation_for_cloud_pakRobotic Process Automation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-39167
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 50.09%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 16:44
Updated-02 Apr, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Virtualize information disclosure

IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_virtualizeSpectrum Virtualize
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-38386
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 21.21%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 12:48
Updated-13 Aug, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cloud Pak for Security information disclosure

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityqradar_suiteQRadar Suite for SoftwareCloud Pak for Securitycloud_pak_for_securityqradar_suite
CWE ID-CWE-1275
Sensitive Cookie with Improper SameSite Attribute
CVE-2023-47704
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.06% / 18.71%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 00:50
Updated-21 Nov, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Key Lifecycle Manager information disclosure

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixsecurity_guardium_key_lifecycle_managerwindowslinux_kernelSecurity Guardium Key Lifecycle Manager
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-38391
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 18.36%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 20:31
Updated-15 Apr, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Control information disclosure

IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.

Action-Not Available
Vendor-IBMLinux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-aixspectrum_controlwindowslinux_kernelSpectrum Control
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-45184
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-7.75% / 91.96%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 01:42
Updated-16 Sep, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i Access Client Solutions

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270.

Action-Not Available
Vendor-IBM Corporation
Product-i_access_client_solutionsi Access Client Solutions
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-46177
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.67%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 14:11
Updated-02 Aug, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ Appliance information disclosure

IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-33165
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 14.58%
||
7 Day CHG~0.00%
Published-14 Oct, 2023 | 14:16
Updated-17 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Server information disclosure

IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_integratorSecurity Directory Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-20442
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 22.01%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 17:00
Updated-16 Sep, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_verify_bridgeSecurity Verify Bridge
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-20380
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 52.73%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 14:45
Updated-16 Sep, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 195712.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_advisor_with_watsonQradar Advisor
CVE-2021-20441
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 26.57%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 17:00
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_verify_bridgeSecurity Verify Bridge
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20393
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.56%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 16:15
Updated-16 Sep, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_user_behavior_analyticsQRadar SIEM
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-20354
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.46% / 64.18%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 15:10
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-20407
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 22.72%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 16:35
Updated-17 Sep, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Information Queue information disclosure

IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-20439
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 42.70%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 16:00
Updated-16 Sep, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managersecurity_verify_accessSecurity Access ManagerSecurity Verify Access Docker
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-20412
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 20.21%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 16:35
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-20400
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.64%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 17:05
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-20409
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 26.17%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 16:35
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Information Queue information disclosure

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 196188.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-20373
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.30% / 53.30%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 17:00
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CVE-2021-20470
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.26% / 49.02%
||
7 Day CHG~0.00%
Published-03 Dec, 2021 | 17:00
Updated-17 Sep, 2024 | 03:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-521
Weak Password Requirements
CVE-2021-20564
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 39.93%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 16:15
Updated-16 Sep, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 199235.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityCloud Pak for Security
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-20337
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 24.92%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 12:10
Updated-17 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20566
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 24.92%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 16:15
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-resilient_security_orchestration_automation_and_responselinuxResilient SOAR
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20415
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 31.62%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 16:30
Updated-17 Sep, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.

Action-Not Available
Vendor-IBM Corporation
Product-guardium_data_encryptionGuardium Data Encryption
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-20479
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 26.57%
||
7 Day CHG~0.00%
Published-09 May, 2022 | 16:35
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_systemCloud Pak System
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20422
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.94%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 16:10
Updated-16 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_applicationsCloud Pak for Applications
CVE-2023-38361
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.22%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 17:24
Updated-02 Aug, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX Advanced information disclosure

IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelcics_txCICS TX Advanced
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20369
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 32.24%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 16:10
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_applicationsCloud Pak for Applications
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-20497
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.64%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 17:15
Updated-17 Sep, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969

Action-Not Available
Vendor-IBM CorporationDocker, Inc.
Product-security_verify_accessdockerSecurity Verify Access Docker
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20360
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.23%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 16:10
Updated-16 Sep, 2024 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_applicationsCloud Pak for Applications
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-38275
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.22%
||
7 Day CHG~0.00%
Published-22 Oct, 2023 | 00:49
Updated-11 Sep, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Dashboards information disclosure

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_dashboards_on_cloud_pak_for_dataCognos Dashboards on Cloud Pak for Data
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-37398
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.16% / 36.99%
||
7 Day CHG~0.00%
Published-29 Jan, 2025 | 16:35
Updated-12 Feb, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex information disclosure

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

Action-Not Available
Vendor-IBM Corporation
Product-Aspera Faspex
CWE ID-CWE-521
Weak Password Requirements
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 8
  • 9
  • Next
Details not found