Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-36034

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-26 Jun, 2025 | 15:14
Updated At-26 Aug, 2025 | 14:51
Rejected At-
Credits

IBM InfoSphere DataStage Flow Designer information disclosure

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:26 Jun, 2025 | 15:14
Updated At:26 Aug, 2025 | 14:51
Rejected At:
▼CVE Numbering Authority (CNA)
IBM InfoSphere DataStage Flow Designer information disclosure

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.

Affected Products
Vendor
IBM CorporationIBM
Product
InfoSphere Information Server
CPEs
  • cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • 11.7
Problem Types
TypeCWE IDDescription
CWECWE-319CWE-319 Cleartext Transmission of Sensitive Information
Type: CWE
CWE ID: CWE-319
Description: CWE-319 Cleartext Transmission of Sensitive Information
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT439751 --Apply InfoSphere Information Server version 11.7.1.0 --Apply InfoSphere Information Server version 11.7.1.6 --Apply InfoSphere DataStage Flow Designer security patch

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7237604
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7237604
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:26 Jun, 2025 | 16:15
Updated At:14 Aug, 2025 | 20:57

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>infosphere_information_server>>11.7
cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-319Primarypsirt@us.ibm.com
CWE ID: CWE-319
Type: Primary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7237604psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7237604
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

225Records found
CVE-2022-43927
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 16.16%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 16:51
Updated-18 Mar, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows information disclosure

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.

Action-Not Available
Vendor-IBM CorporationHP Inc.Microsoft CorporationOracle CorporationLinux Kernel Organization, Inc
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-52366
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 4.73%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 11:59
Updated-18 Jul, 2025 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software information disclosure

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert Software
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-47119
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.87%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 15:23
Updated-08 Aug, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Defender - Resiliency Service improper certificate validation

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.

Action-Not Available
Vendor-IBM Corporation
Product-storage_defender_resiliency_serviceStorage Defender - Resiliency Service
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-45643
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.42%
||
7 Day CHG~0.00%
Published-14 Mar, 2025 | 14:49
Updated-16 Jul, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar EDR information disclosure

IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-security_qradar_edrlinux_kernelQRadar EDR
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-43190
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 13.96%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 17:45
Updated-24 Aug, 2025 | 11:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Requirements Management DOORS weak authentication

IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_requirements_management_doorsengineering_requirements_management_doors_web_accessEngineering Requirements Management DOORS
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2024-41757
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.95%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 15:14
Updated-18 Jul, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software information disclosure

IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert Software
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2024-41781
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 20.01%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 11:55
Updated-15 Aug, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM PowerVM Hypervisor information disclosure

IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore.

Action-Not Available
Vendor-IBM Corporation
Product-power_system_l922power_system_s924power_system_h922power_system_s914power_system_e950powervm_hypervisorpower_system_h924power_system_s922power_system_e980PowerVM Hypervisor
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2024-41775
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.20%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 17:13
Updated-11 Dec, 2024 | 03:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controller
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-41738
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 26.24%
||
7 Day CHG+0.01%
Published-01 Nov, 2024 | 16:36
Updated-14 Nov, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms information disclosure

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-txseries_for_multiplatformsTXSeries for Multiplatforms
CWE ID-CWE-598
Use of GET Request Method With Sensitive Query Strings
CVE-2024-39746
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.73%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 10:29
Updated-23 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Connect:Direct Web Services information disclosure

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixsterling_connect_direct_web_serviceswindowslinux_kernelSterling Connect:Direct Web Services
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2024-39745
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 13.92%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 11:06
Updated-23 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Connect:Direct Web Services information disclosure

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixsterling_connect_direct_web_serviceswindowslinux_kernelSterling Connect:Direct Web Services
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-39731
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 9.90%
||
7 Day CHG-0.02%
Published-15 Jul, 2024 | 01:36
Updated-02 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Datacap Navigator information disclosure

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970.

Action-Not Available
Vendor-IBM Corporation
Product-datacapDatacap Navigator
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-38314
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 22.48%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 17:23
Updated-08 Jul, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Application Suite - Monitor Component information disclosure

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_application_suiteMaximo Application Suite - Monitor Component
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2024-38325
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 4.46%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 15:27
Updated-14 Aug, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Defender information disclosure

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-storage_defenderStorage Defender - Resiliency Service
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2024-38341
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-28 May, 2025 | 15:21
Updated-16 Aug, 2025 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Secure Proxy information disclosure

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_secure_proxySterling Secure Proxy
CWE ID-CWE-328
Use of Weak Hash
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-37068
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-07 Sep, 2024 | 13:43
Updated-21 Sep, 2024 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Application Suite information disclosure

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_application_suiteMaximo Application Suite
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-31905
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 9.74%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 16:56
Updated-28 Aug, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Network Packet Capture information disclosure

IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 289858.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_network_packet_captureQRadar Network Packet Capture
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2024-31896
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.01% / 1.20%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 18:58
Updated-18 Aug, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM SPSS Statistics information disclosure

IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-spss_statisticsSPSS Statistics
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-28780
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.42%
||
7 Day CHG~0.00%
Published-19 Feb, 2025 | 15:39
Updated-25 Jul, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client  uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-Cognos ControllerController
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-27255
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-03 Mar, 2024 | 11:54
Updated-23 Dec, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ Container information disclosure

IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905.

Action-Not Available
Vendor-IBM Corporation
Product-mq_operatorMQ Operator
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-27256
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 16:27
Updated-18 Aug, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ Operator information disclosure

IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-mq_operatorsupplied_mq_advanced_container_imagesMQ Operator
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-22353
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.12%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 11:43
Updated-01 Aug, 2024 | 22:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server Liberty denial of service

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server Liberty
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-22314
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 16:17
Updated-28 Aug, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Defender - Resiliency Service information disclosure

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-storage_defender_resiliency_serviceStorage Defender - Resiliency Service
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-22347
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 5.04%
||
7 Day CHG~0.00%
Published-20 Jan, 2025 | 17:41
Updated-14 Aug, 2025 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM UrbanCode Velocity information disclosure

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-devops_velocityurbancode_velocityDevOps VelocityUrbanCode Velocity
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-22361
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 8.94%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 15:13
Updated-19 Aug, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Semeru Runtime information disclosure

IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.

Action-Not Available
Vendor-IBM Corporation
Product-semeru_runtimeSemeru Runtime
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-22341
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 0.73%
||
7 Day CHG~0.00%
Published-22 Feb, 2025 | 00:38
Updated-15 Aug, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson Query on Cloud Pak for Data information disclosure

IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.

Action-Not Available
Vendor-IBM Corporation
Product-Watson Query on Cloud Pak for Data
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-22355
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 19.44%
||
7 Day CHG~0.00%
Published-03 Mar, 2024 | 12:20
Updated-23 Dec, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Suite information dislosure

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityqradar_suiteQRadar Suite ProductsCloud Pak for Security
CWE ID-CWE-521
Weak Password Requirements
CVE-2024-41778
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.69%
||
7 Day CHG~0.00%
Published-01 Mar, 2025 | 14:22
Updated-08 Aug, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Controller information disclosure

IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

Action-Not Available
Vendor-IBM Corporation
Product-controllerController
CWE ID-CWE-521
Weak Password Requirements
CVE-2024-38321
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.34%
||
7 Day CHG~0.00%
Published-03 Aug, 2024 | 13:34
Updated-06 Sep, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Business Automation Workflow information disclosure

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowBusiness Automation Workflow
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-38324
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-24 Sep, 2024 | 10:24
Updated-26 Sep, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Defender improper certificate validation

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.

Action-Not Available
Vendor-IBM Corporation
Product-Storage Defender - Resiliency Service
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
CVE-2024-55912
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-02 May, 2025 | 00:36
Updated-28 Aug, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software information disclosure

IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-concertlinux_kernelConcert Software
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-39072
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 43.91%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 16:15
Updated-16 Sep, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 215581.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CVE-2022-33163
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 7.40%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 01:10
Updated-12 Dec, 2024 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Suite VA information disclosure

IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_suite_vaSecurity Directory Suite VA
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-51456
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 8.33%
||
7 Day CHG~0.00%
Published-12 Jan, 2025 | 13:26
Updated-28 Mar, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsrobotic_process_automationRobotic Process Automation
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-780
Use of RSA Algorithm without OAEP
CVE-2022-34320
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.01%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 19:27
Updated-29 Apr, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX information disclosure

IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464.

Action-Not Available
Vendor-IBM Corporation
Product-cics_txCICS TX
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-49783
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 14.42%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 18:36
Updated-24 Aug, 2025 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM OpenPages with Watson information disclosure

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability to use additional cryptographic methods to possibly extract the encrypted data.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-linux_kernelwindowsopenpages_with_watsonOpenPages with Watson
CWE ID-CWE-329
Generation of Predictable IV with CBC Mode
CVE-2024-49784
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.19%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 18:35
Updated-24 Aug, 2025 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM OpenPages with Watson information disclosure

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use additional cryptographic methods to possibly extract the encrypted data.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-linux_kernelwindowsopenpages_with_watsonOpenPages with Watson
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29785
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.88%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 19:40
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 203169.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsoarSecurity SOAR
CVE-2024-43189
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 8.19%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 14:51
Updated-18 Jul, 2025 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software information disclosure

IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert Software
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-43186
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.55%
||
7 Day CHG-0.03%
Published-28 Mar, 2025 | 23:49
Updated-08 Jul, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-windowsinfosphere_information_serverlinux_kernelaixInfoSphere Information Server
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2024-41763
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.46%
||
7 Day CHG~0.00%
Published-04 Jan, 2025 | 14:38
Updated-21 Mar, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Lifecycle Optimization - Publishing information disclosure

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelengineering_lifecycle_optimization_publishingwindowsEngineering Lifecycle Optimization Publishing
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-38320
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.03%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 15:43
Updated-18 Aug, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Protect for Virtual Environments: Data Protection for VMware information disclosure

IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationHP Inc.Microsoft CorporationLinux Kernel Organization, IncApple Inc.
Product-storage_protect_for_virtual_environmentslinux_kernelwindowsstorage_protectmacossolarishp-uxaixStorage Protect for Virtual Environments: Data Protection for VMwareStorage Protect Backup-Archive Client
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-38322
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.08%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 18:34
Updated-20 Aug, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Defender information disclosure

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869.

Action-Not Available
Vendor-IBM Corporation
Product-storage_defender_resiliency_serviceStorage Defender - Resiliency Service
CWE ID-CWE-204
Observable Response Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-20441
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 33.80%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 17:00
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_verify_bridgeSecurity Verify Bridge
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4175
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.30% / 52.65%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 12:40
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_insightsSecurity Guardium Insights
CWE ID-CWE-862
Missing Authorization
CVE-2020-4816
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.02%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 13:05
Updated-16 Sep, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189703.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityCloud Pak for Security
CWE ID-CWE-862
Missing Authorization
CVE-2020-4905
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 47.25%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 20:35
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to obtain sensitive information.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_manager_for_multiplatformFinancial Transaction Manager
CVE-2020-4565
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 46.92%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 13:45
Updated-17 Sep, 2024 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1600
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.6||HIGH
EPSS-0.10% / 27.64%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 17:00
Updated-16 Sep, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745.

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_platformBigFix Platform
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2018-1525
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 32.02%
||
7 Day CHG~0.00%
Published-06 Dec, 2018 | 14:00
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142117.

Action-Not Available
Vendor-IBM Corporation
Product-i2_enterprise_insight_analysisi2 Enterprise Insight Analysis
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found