Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-33012

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-07 Nov, 2025 | 18:38
Updated At-07 Nov, 2025 | 18:56
Rejected At-
Credits

IBM Db2 improper account lockout

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:07 Nov, 2025 | 18:38
Updated At:07 Nov, 2025 | 18:56
Rejected At:
▼CVE Numbering Authority (CNA)
IBM Db2 improper account lockout

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.

Affected Products
Vendor
IBM CorporationIBM
Product
Db2
CPEs
  • cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 10.5.0 through 10.5.11 (semver)
  • From 11.1.0 through 11.1.4.7 (semver)
  • From 11.5.0 through 11.5.9 (semver)
  • From 12.1.0 through 12.1.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-324CWE-324 Use of a Key Past its Expiration Date
Type: CWE
CWE ID: CWE-324
Description: CWE-324 Use of a Key Past its Expiration Date
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Remediation/Fixes Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V10.5 TBD DT435638 Special Build for V10.5.11: AIX 64-bit HP-UX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER™ big endian Linux 64-bit, POWER™ little endian Linux 64-bit, System z®, System z9® or zSeries® Solaris 64-bit, SPARC Solaris 64-bit, x86-64 Windows 32-bit, x86 Windows 64-bit, x86 V11.1 TBD DT435638 Special Build for V11.1.4.7: AIX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER™ little endian Linux 64-bit, System z®, System z9® or zSeries® Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 V11.5 TBD DT435638 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT435638 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.ibm.com/support/pages/node/7250469
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7250469
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:07 Nov, 2025 | 19:15
Updated At:19 Nov, 2025 | 16:37

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

IBM Corporation
ibm
>>db2>>Versions from 10.5.0.0(inclusive) to 10.5.0.11(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*
IBM Corporation
ibm
>>db2>>Versions from 11.1.0(inclusive) to 11.1.4.7(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*
IBM Corporation
ibm
>>db2>>Versions from 11.5.0(inclusive) to 11.5.9(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*
IBM Corporation
ibm
>>db2>>Versions from 12.1.0(inclusive) to 12.1.3(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*
Weaknesses
CWE IDTypeSource
CWE-324Primarypsirt@us.ibm.com
CWE ID: CWE-324
Type: Primary
Source: psirt@us.ibm.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7250469psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7250469
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

210Records found

CVE-2021-39066
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.64% / 46.33%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 12:04
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040.

Action-Not Available
Vendor-n/aIBM Corporation
Product-financial_transaction_managern/a
CWE ID-CWE-384
Session Fixation
CVE-2025-36377
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.18% / 8.24%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 20:32
Updated-20 Feb, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security QRadar EDR Software has multiple vulnerabilities

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_edrSecurity QRadar EDR
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2025-33136
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.29% / 20.50%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 16:14
Updated-26 Aug, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex data modification

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelaspera_faspexAspera Faspex
CWE ID-CWE-471
Modification of Assumed-Immutable Data (MAID)
CVE-2021-29730
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.97% / 57.50%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 16:55
Updated-16 Sep, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-29844
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.57% / 43.12%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 16:00
Updated-16 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerrational_team_concertengineering_lifecycle_optimizationengineering_workflow_managementrational_rhapsody_design_managerengineering_requirements_quality_assistant_on-premisesRational DOORS Next GenerationEngineering Workflow ManagementRational Collaborative Lifecycle ManagementEngineering Lifecycle OptimizationRational Engineering Lifecycle ManagerRational Team Concert
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-29907
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-1.47% / 70.65%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 16:05
Updated-16 Sep, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kernelopenpages_with_watsonOpenPages with Watson
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-29686
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.79% / 51.66%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 15:10
Updated-17 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-security_identity_managersolarislinux_kernelwindowsaixSecurity Identity Manager
CVE-2023-0041
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.46% / 36.35%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 00:53
Updated-08 Jan, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium session fixation

IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2012-3336
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.97% / 57.64%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 15:39
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-infosphere_guardiumlinux_kernelInfoSphere Guardium
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-38387
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.88% / 54.55%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 18:16
Updated-01 May, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-cloud_pak_for_securitylinux_kernelCloud Pak for Security
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43581
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.07%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 17:07
Updated-22 Apr, 2025 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Content Navigator code execution

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.

Action-Not Available
Vendor-IBM Corporation
Product-content_navigatorContent Navigator
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-862
Missing Authorization
CVE-2022-43844
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.69% / 48.16%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 17:19
Updated-10 Apr, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation for Cloud Pak session fixation

IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081.

Action-Not Available
Vendor-IBM CorporationRed Hat, Inc.
Product-openshiftrobotic_process_automation_for_cloud_pakRobotic Process Automation for Cloud Pak
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2022-43920
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.55% / 41.89%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 17:21
Updated-10 Apr, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator Standard Edition privilege escalation

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator Standard Edition
CVE-2022-43873
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.61% / 45.04%
||
7 Day CHG~0.00%
Published-22 Feb, 2023 | 17:32
Updated-03 Aug, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Virtualize privilege escalation

An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_virtualizeSpectrum Virtualize
CVE-2022-43859
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.58% / 43.40%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 20:41
Updated-15 Apr, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Navigator for i SQL injection

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304.

Action-Not Available
Vendor-IBM Corporation
Product-iNavigator for i
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45187
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.38% / 30.08%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 00:29
Updated-02 Aug, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Lifecycle Optimization - Publishing session fixation

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_lifecycle_optimizationEngineering Lifecycle Optimization - Publishing
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2023-45185
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.99% / 58.22%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 14:04
Updated-02 Aug, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i Access Client Solutions code execution

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.

Action-Not Available
Vendor-IBM Corporation
Product-i_access_client_solutionsi Access Client Solutions
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-42438
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 40.98%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 18:59
Updated-25 Mar, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cloud Pak for Multicloud Management Monitoring privilege escalation

IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-cloud_pak_for_multicloud_management_monitoringlinux_kernelCloud Pak for Multicloud Management Monitoring
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2024-52359
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 21.93%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 19:39
Updated-18 Jul, 2025 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software improper access controls

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert Software
CWE ID-CWE-286
Incorrect User Management
CVE-2024-52902
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.34% / 25.39%
||
7 Day CHG~0.00%
Published-19 Feb, 2025 | 14:50
Updated-15 Aug, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system.

Action-Not Available
Vendor-IBM Corporation
Product-Cognos ControllerController
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-52899
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.5||HIGH
EPSS-0.77% / 51.18%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 00:34
Updated-04 Aug, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Data Virtualization Manager code execution

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server.

Action-Not Available
Vendor-IBM Corporation
Product-data_virtualization_manager_for_z\/osData Virtualization Manager for z/OSdata_virtualization_manager_for_z-os
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-51465
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.66% / 47.19%
||
7 Day CHG+0.01%
Published-04 Dec, 2024 | 14:08
Updated-14 Aug, 2025 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM App Connect Enterprise Certified Container command execution

IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

Action-Not Available
Vendor-IBM CorporationRed Hat, Inc.
Product-openshiftapp_connect_enterprise_certified_containerApp Connect Enterprise Certified Container
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-51450
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.01% / 58.77%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 00:15
Updated-08 Aug, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Directory Command Execution

IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_directorySecurity Verify Directory
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20443
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.83% / 52.92%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 15:10
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsmaximo_for_civil_infrastructurelinux_kernelMaximo for Civil Infrastructure
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2024-49803
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.77% / 51.10%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 16:50
Updated-29 Jan, 2025 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access Appliance command execution

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-49808
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.26% / 17.83%
||
7 Day CHG~0.00%
Published-18 Apr, 2025 | 11:03
Updated-01 Sep, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Connect:Direct Web Services improper authorization

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.

Action-Not Available
Vendor-Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-sterling_connect_direct_web_serviceslinux_kernelaixwindowsSterling Connect:Direct Web Services
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-49825
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.18% / 7.67%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 14:53
Updated-01 Sep, 2025 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation session fixation

IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automationrobotic_process_automation_for_cloud_pakRobotic Process Automation for Cloud PakRobotic Process Automation
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2021-20517
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-1.86% / 76.65%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 14:05
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_server_ndWebSphere Application Server ND
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-20423
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-1.06% / 60.57%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 16:10
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. IBM X-Force ID: 196308.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_applicationsCloud Pak for Applications
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-40695
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.35% / 27.12%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 18:18
Updated-07 Jan, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller session fixation

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controller
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2024-45651
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.25% / 16.49%
||
7 Day CHG~0.00%
Published-18 Apr, 2025 | 11:04
Updated-01 Sep, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Connect:Direct Web Services session fixation

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.

Action-Not Available
Vendor-Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-sterling_connect_direct_web_serviceslinux_kernelaixwindowsSterling Connect:Direct Web Services
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2024-45075
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.45% / 35.68%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 16:01
Updated-29 Sep, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM webMethods Integration privilege escalation

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.

Action-Not Available
Vendor-IBM Corporation
Product-webmethods_integrationwebMethods Integration
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-27868
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-1.38% / 68.74%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:46
Updated-13 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 code execution

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-27869
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-1.38% / 68.75%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:40
Updated-13 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 code execution

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-43181
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.22% / 13.15%
||
7 Day CHG~0.00%
Published-04 Feb, 2026 | 21:18
Updated-05 Feb, 2026 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

Action-Not Available
Vendor-IBM Corporation
Product-Concert
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2024-39750
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 48.66%
||
7 Day CHG~0.00%
Published-25 Jan, 2025 | 14:04
Updated-29 Sep, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Analytics Content Hub buffer overflow

IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.

Action-Not Available
Vendor-IBM Corporation
Product-analytics_content_hubAnalytics Content Hub
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-40681
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 38.18%
||
7 Day CHG~0.00%
Published-07 Sep, 2024 | 14:09
Updated-15 Aug, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ security bypass

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.

Action-Not Available
Vendor-IBM Corporation
Product-supplied_mq_advanced_container_imagesmq_operatorMQ
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2020-4647
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.96% / 57.19%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 16:40
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_file_gatewaySterling File Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-4633
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.75% / 84.39%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 14:20
Updated-16 Sep, 2024 | 22:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation.

Action-Not Available
Vendor-IBM Corporation
Product-resilient_security_orchestration_automation_and_responseResilient
CWE ID-CWE-1236
Improper Neutralization of Formula Elements in a CSV File
CWE ID-CWE-20
Improper Input Validation
CVE-2020-4362
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-2.44% / 82.30%
||
7 Day CHG~0.00%
Published-10 Apr, 2020 | 14:00
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CVE-2020-4974
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.60% / 44.29%
||
7 Day CHG~0.00%
Published-28 Jul, 2021 | 12:25
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerengineering_test_managementrational_quality_managerrational_team_concertrational_collaborative_lifecycle_managementengineering_workflow_managementengineering_lifecycle_optimization_-_engineering_insightsengineering_requirements_quality_assistant_on-premisesRational Quality ManagerRational DOORS Next GenerationEngineering Workflow ManagementRational Collaborative Lifecycle ManagementEngineering Lifecycle OptimizationRational Engineering Lifecycle ManagerEngineering Test ManagementRational Team Concert
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4294
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-1.24% / 65.64%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadarQradar
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4611
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-1.63% / 73.32%
||
7 Day CHG~0.00%
Published-22 Sep, 2020 | 13:55
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CVE-2020-4621
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-1.35% / 67.99%
||
7 Day CHG~0.00%
Published-22 Sep, 2020 | 13:55
Updated-17 Sep, 2024 | 04:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-4921
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.6||HIGH
EPSS-1.50% / 71.18%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 15:00
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-4328
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-1.17% / 63.65%
||
7 Day CHG~0.00%
Published-03 Aug, 2020 | 12:35
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_manager_for_multiplatformFinancial Transaction Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-4902
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.97% / 57.50%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 15:40
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsdatacap_navigatorDatacap Navigator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-4272
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.98% / 85.61%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-16 Sep, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID: 175898.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadarQradar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-4620
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-5.19% / 91.45%
||
7 Day CHG~0.00%
Published-22 Sep, 2020 | 13:55
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-4662
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.29% / 66.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2020 | 12:40
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233.

Action-Not Available
Vendor-IBM Corporation
Product-event_streamsEvent Streams
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found