IBM Vulnerabilities

Timeline

Analyzing the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

IBM WebSphere Application Server: 426
IBM AIX: 362
IBM DB2: 262
IBM Maximo Asset Management: 152
IBM InfoSphere Information Server: 143

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 4432
Temporary Fix: 1
Workaround: 28
Unavailable: 12
Not Defined: 2947

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Multiple forms and levels of remediation can be distinguished, and they influence risks differently.

Exploitability

High: 400
Functional: 2
Proof-of-Concept: 704
Unproven: 390
Not Defined: 5924

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 31
Local: 1079
Adjacent: 129
Network: 6181

When approaching a vulnerability, it becomes important to use the expected access vector. This is typically via the network, locally, or even physically.

Authentication

Not Defined: 0
High: 274
Low: 3418
None: 3728

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 1931
None: 5489

Some attack scenarios require user interaction by a victim. This is typical for phishing, social engineering and cross-site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤1: 0
≤2: 1
≤3: 85
≤4: 762
≤5: 2028
≤6: 1891
≤7: 1084
≤8: 797
≤9: 311
≤10: 461

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 3
≤3: 107
≤4: 871
≤5: 2152
≤6: 1954
≤7: 1060
≤8: 618
≤9: 427
≤10: 228

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0
≤2: 11
≤3: 214
≤4: 1694
≤5: 1578
≤6: 1500
≤7: 980
≤8: 745
≤9: 238
≤10: 460

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0
≤2: 1
≤3: 48
≤4: 163
≤5: 398
≤6: 1274
≤7: 576
≤8: 667
≤9: 327
≤10: 170

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0
≤2: 1
≤3: 49
≤4: 169
≤5: 410
≤6: 890
≤7: 451
≤8: 227
≤9: 148
≤10: 40

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 2
≤5: 1
≤6: 9
≤7: 10
≤8: 3
≤9: 5
≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k: 25
<2k: 41
<5k: 894
<10k: 2809
<25k: 2771
<50k: 788
<100k: 92
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 4482
<2k: 692
<5k: 1165
<10k: 656
<25k: 412
<50k: 13
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as offensive or defensive. They are also weighted, as some actors are well-known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (1020): 4758 (1), AFP Viewer Plug-in (1), AIX (362), AIX Parallel Systems Support Programs (1), AIX eNetwork Firewall (1), API Connect (75), API Connect Developer Portal (1), API Management (5), AS400 (3), AS400 Firewall (1), Access Support ActiveX control (1), Administration Center (1), Advanced Management Module (8), Algo Credit Limits (1), Algo One (12), Algo Risk Application (1), Algorithmics (8), Algorithmics Algo One Algo Risk Application (1), Algorithmics One-Algo Risk Application (3), Apex (1), App Connect (1), App Connect Enterprise (12), App Connect Enterprise Certified Container (8), App Connect Enterprise Certified Container Dashboard UI (1), AppScan (1), AppScan Enterprise Edition (3), AppScan Source (2), Application Control (1), Application Gateway (2), Application Performance Management (3), Application Performance Management for Monitoring (1), Application Support Facility (2), Aspera (5), Aspera Cargo (4), Aspera Cloud (1), Aspera Connect (5), Aspera Console (7), Aspera Faspex (26), Aspera High-Speed Transfer (1), Aspera Orchestrator (5), Aspera Shares (2), Aspera Web Application (1), Atlas Policy Suite (1), Atlas eDiscovery Process Management (6), Automation Workstream Services (1), B2B Advanced Communications (7), Backup, Recovery, and Media Services for IBM i (1), BigFix Compliance (7), BigFix Compliance Analytics (1), BigFix Inventory (10), BigFix Platform (28), BigFix Remote Control (22), BigFix Software Distribution (1), BigFix WebUI Profile Management (1), Big SQL on IBM Cloud Pak for Data (1), BladeCenter (3), BladeCenter Advanced Management Module (7), Bladecenter 10g Vfsm (1), Bluemix (2), Bootable Media Creator (1), Business Automation Content Analyzer on Cloud (1), Business Automation Workflow (46), Business Intelligence (1), Business Process Manager (80), Business Process Monitor (2), CD (1), CICS TX (17), CICS TX Advanced (22), CICS TX Standard (18), CICS Transaction Gateway Containers (1), CICS Transaction Gateway 
for Multiplatforms (2), CICS Transaction Server (1), CMIS (3), CTSS (1), Call Center for Commerce (1), Campaign (8), Capacity Management Analytics (3), Case Foundation Administration Console for Content Platform Engine (1), Case Manager (4), Change (2), Classic Meeting Server (1), Classic Sametime Meeting Server (1), ClearQuest (1), Client Security Password Manager (1), Cloud APM (3), Cloud App Management (3), Cloud Application Performance Management (1), Cloud Automation Manager (4), Cloud CLI (1), Cloud Object System (1), Cloud Orchestrator (15), Cloud Orchestrator Enterprise (3), Cloud Pak System (20), Cloud Pak System Suite (1), Cloud Pak for Applications (12), Cloud Pak for Automation (8), Cloud Pak for Business Automation (6), Cloud Pak for Data (4), Cloud Pak for Multicloud Management (3), Cloud Pak for Multicloud Management Monitoring (2), CloudPak for Multicloud Monitoring (1), Cloud Pak for Security (48), Cloud Private (14), Cloud Private Kubernetes API Server (1), Cloud Transformation Advisor (1), Cloudscape (1), Cognos 8 Business Intelligence (2), Cognos Analytics (86), Cognos Analytics CA (1), Cognos Analytics Mobile (2), Cognos Analytics PowerPlay (1), Cognos Analytics Reports (1), Cognos Analytics on Cloud Pak for Data (1), Cognos Anaytics (1), Cognos Business Intelligence (27), Cognos Command Center (5), Cognos Controller (34), Cognos Dashboards on Cloud Pak for Data (3), Cognos Disclosure Management (3), Cognos Express (4), Cognos Mobile (1), Cognos Server (1), Cognos TM1 (13), Collaborative Lifecycle Management (1), Common Cryptographic Architecture (3), Common Licensing (3), Communications Server (1), Compliance (1), Concert (3), Concert Software (5), Configuration Management Database (2), Connect (1), Connect:Direct for UNIX (1), Connections (45), Connections Engagement Center (1), Connections Portlets (1), Content Collector (2), Content Foundation (1), Content Manager Enterprise Edition Resource Manager (1), Content Navigator (33), Content 
Navigator (3), Content Template Catalog (1), Contract Management (5), Control Center (3), Control Desk (4), Counter Fraud Management for Safer Payments (2), Cram Social Program Management (1), Cunter Fraud Management for Safer Payments (1), Curam Social Program Management (45), DB (1), DB2 (263), DB2 Accessories Suite (1), DB2 Connect (7), DB2 Connect Server (55), DB2 Content Manager (6), DB2 High Performance Unload (4), DB2 JDBC Driver for DB2 (3), DB2 Mirror for i (1), DB2 Tools for zOS (1), DB2 UDB (45), DB2 Universal Database (106), DB2 Warehouse on Cloud Pak for Data (1), DB2 on Cloud Pak for Data (1), DOORS (1), DOORS Next Generation (29), DS8900F (4), Daeja ViewONE (9), Daeja ViewONE Virtual (1), Daeja ViewOne Virtual (1), Data Domain DD OS (1), Data ONTAP (1), DataPower Gateway (27), DataPower Gateway Appliance (2), DataPower Gateway V10CD (1), DataPower Gateways (5), Data Risk Manager (18), DataStage on Cloud Pak for Data (1), Data Studio (3), Data Virtualization Manager for zOS (1), Data Virtualization on Cloud Pak for Data (1), Datacap Fastdoc Capture (2), Datacap Navigator (12), Datacap Taskmaster Capture (6), Db2 Big SQL on Cloud Pak for Data (1), Db2 Content Manager Toolkit (1), Db2 Mirror for i (1), Db2U (1), Deployment Services (8), DevOps Deploy (5), Diagnostics (1), Director (6), Director Agent (2), Directory Server for IBM i (1), Disconnected Log Collector (1), Distributed Marketing (2), Domino (19), Domino Server (3), Domino Web Access (3), Doors Web Access (6), Ds4100 (2), E-Business Suite (5), EN6131 (2), ENOVIA (2), ENOVIA SmarTeam (2), ESA DM (1), ESS 5000 Server (1), Edge (5), Egatherer (1), Elastic Storage Server (2), Elastic Storage System (4), Elastic Storage Systems (1), Emptoris Contract Management (11), Emptoris Program Management (2), Emptoris Services Procurement (4), Emptoris Sourcing (15), Emptoris Sourcing Portfolio (2), Emptoris Spend Analysis (12), Emptoris Strategic Supply Management (6), Emptoris Supplier Lifecycle Management 
(6), Endpoint Manager for Remote Control (2), Endpoint Manager for Security (1), Endpoint Manager for Software Use Analysis (1), Engineering (26), Engineering Insights (1), Engineering Lifecycle Optimization (10), Engineering Lifecycle Optimization Publishing (1), Engineering Requirements Management (3), Engineering Requirements Management DOORS (1), Engineering Requirements Management DOORS Next (1), Engineering Requirements Quality Assistant (1), Engineering Requirements Quality Assistant On-Premises (8), Engineering Systems Design Rhapsody (1), Engineering Test Management (2), Engineering Workflow Management (2), Enterprise Records (2), Environment Manager (1), Event Manager (1), Event Streams (3), FSP (1), FileNet Business Process Framework (1), FileNet Content Manager (13), FileNet P8 Application Engine (12), FileNet P8 Content Engine (1), FileNet P8 Content Manager (1), FileNet Workplace (5), FileNet Workplace XT (1), Filenet Content Foundation (1), Filenet Content Manager (6), Filenet P8 Business Process Manager (1), Financial Transaction Manager (45), Financial Transaction Manager for Digital Payments for Multi-Platform (6), Financial Transaction Manager for High Value Payments for Multi-Platform (1), Financial Transaction Manager for SWIFT Services (1), Financial Transaction Manager for SWIFT Services for Multiplatforms (2), FlashSystem (11), Flash System 900 (1), FlashSystem 900 (2), FlashSystem V840 (1), FlashSystem V900 (1), Flash System V9000 (1), Flex System (1), Flex System Integrated Management Module (1), Flex System Manager (5), Flex System x222 (1), Flexible Service Processor (1), Forms Experience Builder (5), Forms Server (1), Forms Viewer (1), Fulfillment Foundation (3), G400 Ips-g400-ib-1 Appliance (1), GINA (1), GPFS Storage Server (1), GSKit (1), GSKit-Crypto (1), General Parallel File System (12), Global Configuration Management (1), Global Console Manager 16 (3), Global Console Manager 32 (1), Global Retention Policy (1), Global Security 
Kit (1), Guardium Activity Insights (1), Guardium Data Encryption (16), HACMP (1), HMC (1), HTTP Server (12), Hardware Management Console (6), Hardware_management_console (2), High Availability Cluster Multiprocessing (1), HomePagePrint (1), Host Access Transformation Services (1), Host On-Demand (1), Host firmware for LC-class Systems (2), IB6131 (2), IBM Aspera Faspex (1), IBM Db2U (1), IBM MQ (2), IBM MQ AMQP Channels (1), IBM QRadar (2), IBM QRadar WinCollect Agent (1), IBM Spectrum Protect for Virtual Environments (1), IBM Sterling B2B Integrator Standard Edition (3), IBM Tivoli Netcool (3), ICP4A (2), ILOG (1), IMS Enterprise Suite (2), IMS Enterprise Suite Data Provider (1), Impact (2), InfoSphere (3), InfoSphere BigInsights (20), InfoSphere Change Data Capture for zOS (1), InfoSphere Data Replication (1), InfoSphere Data Replication Dashboard (3), InfoSphere DataStage (6), InfoSphere FastTrack (1), InfoSphere Global Name Management (1), InfoSphere Guardium (3), InfoSphere Identity Insight (1), InfoSphere Information Governance Catalog (2), InfoSphere Information Server (143), InfoSphere Information Server Metadata Workbench (1), InfoSphere Information Systems (1), InfoSphere Master Data Management (19), InfoSphere Master Data Management Collaboration Server (8), InfoSphere Master Data Management Server for Product Information Management (3), InfoSphere Metadata Asset Manager (1), InfoSphere Metadata Workbench (2), InfoSphere Optim Data Growth for Oracle E-Business Suite (6), InfoSphere Optim Performance Manager (1), InfoSphere Optim Workload Replay (2), InfoSphere Replication Server (1), InfoSphere Server (1), InfoSphere Streams (3), Infoprint 21 (1), Information Server Framework (1), Informix (2), Informix Connect Runtime (1), Informix Dynamic Database Server (4), Informix Dynamic Database server (1), Informix Dynamic Server (43), Informix Dynamic Server Enterprise Edition (8), Informix Extended Parallel Server (3), Informix JDBC (1), Informix JDBC Driver 
(1), Informix Open Admin Tool (2), Informix Spatial (1), Informix Storage Manager (1), Informix Web Datablade (3), Infosphere Information Server (1), Infosphere Information Server Information Services Framework (2), Infosphere Master Data Management Collaborative Server (4), Infosphere Master Data Management Reference Data Management Hub (1), Infosphere Master Data Management Server (7), Infosphere Optim Data Growth For Oracle E-business Suite (3), Infosphere Optim Data Growth Solution For Siebel Crm (1), Initiate Master Data Service (7), Insights Foundation for Energy (4), Installation Manager (2), Integrated Management Module (2), Integration Bus (13), Integration Bus Manufacturing Pack (1), Integration Bus for zOS (1), Intelligence (18), Intelligence Virtual Appliance (2), Intelligent Operations Center (11), Intelligent Operations Center for Emergency Management (1), Interact (2), Inventory Scout (1), J9 VM (1), JDK (2), Java (25), Java Runtime Environment (1), Java SDK (4), Java Technology Edition (1), Java Virtual Machine (1), Jazz (4), Jazz Foundation (68), Jazz Foundation Reporting Service (4), Jazz Reporting Service (46), Jazz Team Server (28), Jazz for Service Management (36), Kenexa LCMS Premier on Cloud (16), Kenexa LMS on Cloud (16), Knowledge Management (1), Leads (5), Lenovo 7cetb5ww (1), Liberty (3), License Metric Tool (8), Loopback (1), Lotus (1), Lotus Connections (14), Lotus Domino (102), Lotus Domino Enterprise Server (1), Lotus Domino R5 (3), Lotus Domino Server (7), Lotus Domino Web Access (1), Lotus Domino Web Server (7), Lotus Domino iNotes Client (2), Lotus Expeditor (3), Lotus Expeditor Client (1), Lotus Foundations Start (1), Lotus Instant Messaging (1), Lotus Mobile Connect (7), Lotus Notes (66), Lotus Notes Intellisync (1), Lotus Notes Traveler (21), Lotus Notes connector (1), Lotus Protector for Mail Security (6), Lotus Quickplace (1), Lotus Quickr (19), Lotus Quickr Server (1), Lotus Quickr for Domino (3), Lotus Sametime (12), Lotus 
Sametime Enterprise Meeting Server (4), Lotus Sametime WebPlayer (1), Lotus Symphony (8), Lotus Web Content Management (1), Lotus Workplace Web Content Management (2), Lotus cc:Mail (1), Lotus iNotes (10), MQ (44), MQ Advanced Cloud Pak (1), MQ Appliance (40), MQ Certified Container (1), MQ Console (1), MQ Internet Pass-Thru (2), MQ Light (4), MQ M2000 (3), MQ Managed File Transfer Agent (1), MQ Operator (6), MQ for HPE NonStop (7), MaaS360 (3), MaaS360 DTM (1), Management Platform (5), Marketing Operations (4), Marketing Platform (13), Mashup Center (2), Maximo (1), Maximo Anywhere (10), Maximo Application Suite (13), Maximo Asset (1), Maximo Asset Management (152), Maximo Asset Management Essentials (2), Maximo Asset Management Manage Component (1), Maximo For Oil And Gas (3), Maximo Health- Safety (1), Maximo Industry Solutions (3), Maximo Manage (1), Maximo Mobile (1), Maximo Spatial Asset Management (3), Maximo for Civil Infrastructure (4), Maximo for Utilities (3), Merge Healthcare eFilm Workstation (4), MessageSight (1), Messagesight Jms Client (4), Metrica Service Assurance Framework (1), MobileFirst Platform Foundation (1), MobileFoundation (1), Mobile Foundation (1), Multi-Cloud Data Encryption (1), Multi-Enterprise Integration Gateway (6), Multicloud Manager (1), NOS (1), Navigator Mobile Android (1), Navigator for i (6), Navio NC Browser (1), NeXtScale (1), Net.Data (4), Netcool (1), Netezza (6), Netezza Performance Portal (3), Netezza Platform Software (1), Netfinity Remote Control (1), Network Appliance Data ONTAP (1), Network Multi-Function Security (1), Network Station Manager (1), Notes (10), Notes Diagnostics (3), Notes Traveler (1), Notes Traveler Companion (1), OMNIbus (5), OMNIbus_GUI (9), OPENBMC OP910 (2), OPENBMC OP940 (1), OS (1), OS-360 (1), OS2 (1), OS400 (6), Observability with Instana (2), OmniFind (11), OnCommand Unified Manager for Clustered Data ONTAP (1), OpenAdmin Tool (1), OpenBMC (2), OpenBMC OP910 (1), OpenBMC OP920 (1), OpenBMC 
OP930 (1), OpenBMC OP940 (2), OpenPages (1), OpenPages GRC Platform (20), OpenPages with Watson (4), Open Power Firmware OP910 (1), Open Power Firmware OP920 (1), Operational Decision Management (1), Operational Decision Manager (6), Optim Performance Manager (4), Optim Workload Replay (1), P8 Content Engine (1), Packaging Utility (1), Parallel Environment (1), Partner Engagement Manager (9), Performance Tools for i (1), Personal Communications (4), Planning Analytics (44), Planning Analytics Cartridge for Cloud Pak for Data (3), Planning Analytics Local (6), Planning Analytics Workspace (3), Planning Analytics on Cloud Pak for Data (1), Platform LSF (2), Platform Symphony (7), Power 5 (1), Power9 (1), Power 9 AC922 OP910 (1), Power 9 FW910 (1), Power 9 OP910 (1), Power 9 OP920 (2), Power 9 OP930 (1), Power 9 OP940 (1), Power9 Self Boot Engine (1), Power FW950 (1), Power FW1010 (1), PowerHA (2), PowerHA SystemMirror (1), Power Hardware Management Console (5), PowerKVM (1), PowerSC (13), Power System (1), Power System S821LC Server (1), PowerVC (6), PowerVC Standard Edition (1), PowerVM (1), PowerVM Hypervisor (8), PowerVM Hypervisor FW860 (2), PowerVM Hypervisor FW920 (1), PowerVM Hypervisor FW930 (2), PowerVM Hypervisor FW940 (5), PowerVM Hypervisor FW950 (5), PowerVM Hypervisor FW1010 (1), PowerVM VIOS (1), Predictive Solutions Foundation (2), Process Federation Server (1), Proventia Network IPS GX5108 (2), Proventia Network Mail Security System (1), Proventia Network Mail Security System Virtual Appliance (4), Proventia Network Mail Security System Vitual Appliance (1), Publishing Engine (4), Pulse for QRadar (1), PureApplication System (6), QRadar (37), QRadar Advisor (5), QRadar Advisor with Watson App (1), QRadar Analyst Workflow App (1), QRadar Data Synchronization App (1), QRadar Incident Forensics (7), QRadar Network Packet Capture (2), QRadar Network Security (8), QRadar Risk Manager (2), QRadar SIEM (96), QRadar Security Information (1), QRadar Suite 
(1), QRadar Suite Products (2), QRadar Suite Software (14), QRadar Suite for Software (1), QRadar User Behavior Analytics (6), QRadar WinCollect Agent (6), Qradar Security Information And Event Manager (18), Quality Manager (14), QuickFile (1), RELM (8), RSA DM (1), Rational (5), Rational AppScan (13), Rational AppScan Source (2), Rational Application Developer for WebSphere (1), Rational Asset Analyzer (1), Rational Asset Manager (2), Rational Automation Framework (1), Rational Build Forge (4), Rational Business Developer (1), Rational Change (1), Rational ClearCase (16), Rational ClearQuest (37), Rational Clearcase (2), Rational Clearquest (2), Rational Collaborative Lifecycle Management (69), Rational DOORS (1), Rational DOORS Next Generation (14), Rational DOORS Web Access (5), Rational Developer for System z (1), Rational Development Studio for i (1), Rational Directory Server (2), Rational Doors Next Generation (8), Rational Engineering Lifecycle Manager (20), Rational Focal Point (9), Rational Framework (1), Rational Insight (1), Rational License Key Server (5), Rational License Server (1), Rational Lifecycle Integration Adapter for Windchill (1), Rational Performance Tester (1), Rational Policy Tester (8), Rational Publishing Engine (5), Rational Quality Manager (82), Rational Requirements Composer (10), Rational RequisitePro (2), Rational Rhapsody Design Manager (9), Rational Software Architect (2), Rational Software Architect Design Manager (12), Rational System Architect (1), Rational Team Concert (38), Rational Test Lab Manager (1), Rational Test Virtualization Server (1), Rational Test Workbench (1), Remote Control (1), Remote Supervisor Adapter II (1), Reporter (1), Repository (19), Resilient (1), Resilient OnPrem (2), Resilient SOAR (8), Rhapsody DM (12), Rhapsody Model Manager (1), Robotic Process Automation (40), Robotic Process Automation for Cloud Pak (7), Robotic Process Automation with Automation Anywhere (19), Runbook Automation (1), Runtimes 
for Java Technology (2), SAML-based Single Sign-On (1), SAN Volume Controller (12), SAS Connectivity Module (2), SDK (6), SDK Java Technology Edition (6), SOAR QRadar Plugin App (3), SPSS Analytic Server (2), SPSS Analytical Decision Management (4), SPSS Collaboration (8), SPSS Data Collection (1), SPSS Dimensions (2), SPSS Modeler (6), SPSS SamplePower (7), SPSS Statistics (5), Sametime (16), Sametime Connect (1), Sametime Connect Client (2), Sametime Enterprise Meeting Server (3), Sametime Media Server (1), Sametime Media Services (2), Sametime Meeting Server (18), Sametime Proxy Server (1), Sametime WebPlayer (1), San Volume Controller Software (1), Scale Out Network Attached Storage (3), Schedule Management (1), Secure External Authentication Server (3), Secure Proxy (2), Secureway Directory (2), Secureway Firewall (1), Security Access Manager (30), Security Access Manager Appliance (19), Security Access Manager Container (7), Security Access Manager Docker (5), Security Access Manager For Mobile Software (2), Security Access Manager For Web (17), Security Access Manager For Web 8.0 (3), Security Access Manager For Web Appliance (2), Security Access Manager for Enterprise Single Sign-On (5), Security Access Manager for Mobile (2), Security Access Manager for Web (17), Security AppScan (7), Security AppScan Enterprise (12), Security AppScan Source (5), Security Directory Integrator (4), Security Directory Server (18), Security Directory Suite (1), Security Directory Suite VA (6), Security Guardium (102), Security Guardium Big Data Intelligence (17), Security Guardium Data Encryption (19), Security Guardium Database Activity Monitor (11), Security Guardium EcoSystem (2), Security Guardium Insights (23), Security Guardium Key Lifecycle Manager (17), Security Identity Governance (20), Security Identity Governance Virtual Appliance (7), Security Identity Governance and Intelligence (11), Security Identity Manager (52), Security Identity Manager Adapter (1), Security 
Identity Manager Virtual Appliance (13), Security Information Queue (13), Security Key Lifecycle Manager (14), Security Network Protection (5), Security Network Protection XGS (1), Security Network Protection Xgs (1), Security Privileged Identity Manager (12), Security Privileged Identity Manager Virtual Appliance (11), Security QRadar EDR (3), Security QRadar Incident Forensics (8), Security QRadar QFLOW (1), Security QRadar SIEM (14), Security QRadar Vulnerability Manager (1), Security ReaQta (2), Security Risk Manager (2), Security SOAR (6), Security Secret Server (24), Security SiteProtector System (10), Security Trusteer Pinpoint Detect (1), Security Verify (8), Security Verify Access (25), Security Verify Access Appliance (20), Security Verify Access Container (1), Security Verify Access Docker (36), Security Verify Access OIDC Provider (1), Security Verify Bridge (6), Security Verify Directory (4), Security Verify Directory Integrator (4), Security Verify Governance (23), Security Verify Information Queue (20), Security Verify Privilege (1), Security Verify Privilege Manager (3), Security Verify Privilege On-Premise (1), Security Verify Privilege On-Premises (13), Semeru Runtime (1), Sendmail (1), Single Sign On for Bluemix (1), SiteProtector Appliance (2), Smart Analytics System 7710 (1), SmartCloud Analytics (5), SmartCloud Analytics Log Analysis (1), SmartCloud Control Desk (11), SmartCloud Provisioning (1), Social Media Analytics (2), Social Rendering Templates for Digital Data Connector (1), Spectrum Control (6), Spectrum Copy Data Management (16), Spectrum LSF (2), Spectrum LSF Suite (2), Spectrum Protect (26), Spectrum Protect Backup-Archive Client (3), Spectrum Protect Client (5), Spectrum Protect Operations Center (12), Spectrum Protect Plus (48), Spectrum Protect Plus Container Backup and Restore (1), Spectrum Protect Plus Server (1), Spectrum Protect Server (1), Spectrum Protect for Enterprise Resource Planning (1), Spectrum Scale (56), Spectrum 
Scale Container Native Storage Access (2), Spectrum Scale Data Access Services (1), Spectrum Scale for IBM Elastic Storage Server (3), Spectrum Suite for HPA (1), Spectrum Symphony (6), Spectrum Virtualize (17), Star Command Center (1), Sterling B2B Integrator (32), Sterling B2B Integrator Standard Edition (89), Sterling Connect (7), Sterling Connect:Direct (2), Sterling Connect:Direct Web Services (2), Sterling Connect:Direct for UNIX (2), Sterling Connect:Express (2), Sterling Connect Direct User Interface (2), Sterling Connect Direct Web Services (4), Sterling Connect Enterprise Http Option (1), Sterling Connect Express (1), Sterling Control Center (5), Sterling External Authentication Server (6), Sterling File Gateway (62), Sterling Gentran:Server (1), Sterling Order Management (7), Sterling Partner Engagement Manager (11), SterlingPartner Engagement Manager (2), Sterling Secure Proxy (26), Sterling Selling (3), Sterling Selling And Fulfillment Foundation (3), Storage Ceph (1), Storage Copy Data Management (1), Storage Defender (7), Storage Defender Data Protect (1), Storage Fusion HCI (1), Storage Protect (1), Storage Protect Plus Server (3), Storage Protect for Virtual Environments (2), Storage Scale (1), Storage Scale Container Native Storage Access (3), Storage Virtualize (3), StoreIQ (2), StoredIQ (6), Storwize (11), Storwize Unified V7000 Software (3), Storwize V7000 (5), Storwize V7000 Unified Software (3), Streams (1), SurePOS 500 (1), System Data Repository (1), System Networking Switch Center (4), System Storage DS8000 Management Console (2), System Storage DS8900F (1), System Storage TS3100-TS3200 Tape Library (1), System Storage Virtualization Engine (2), System Storage Virtualization Engine Ts7700 (1), System Update (1), System X (1), System X3250 M4 (4), System X Server (1), Systems Director (3), System x3xxx (1), System x IMM (1), System x iDataPlex (1), TKLM (1), TRIRIGA (4), TRIRIGA Application Platform (39), TRIRIGA Applications (1), TRIRIGA 
Document Manager (1), TRIRIGA Report Manager (1), TS3500 Tape Library (1), TS7700 Management Interface (2), TXSeries (1), TXSeries for Multiplatforms (13), Tealeaf CX (2), Tealeaf Consumer Experience (1), Tealeaf Customer Experience (16), Team Concert (9), ThinkVantage TPM (1), Ticoli Asset Manager (1), Tivoli (2), Tivoli Access Manager (1), Tivoli Access Manager for e-business (16), Tivoli Application Dependency Discovery Manager (24), Tivoli Business Service Manager (6), Tivoli Business Systems Manager (1), Tivoli Common Reporting (3), Tivoli Composite Application Manager For Transactions (1), Tivoli Composite Application Manager For Wesbsphere (1), Tivoli Continuous Data Protection For Files (1), Tivoli Directory Server (39), Tivoli Endpoint Manager (28), Tivoli Endpoint Manager MDM (2), Tivoli Endpoint Manager Mobile Device Management (1), Tivoli Federated Identity Manager (18), Tivoli Federated Identity Manager Business Gateway (5), Tivoli Firewall Toolbox (1), Tivoli IT Asset Management for IT (2), Tivoli Identity Manager (10), Tivoli Identity Manager Adapter (1), Tivoli Integrated Portal (4), Tivoli Key Lifecycle Manager (49), Tivoli Lightweight Infrastructure (1), Tivoli Management Framework (6), Tivoli Monitoring (17), Tivoli Monitoring Agent (1), Tivoli Monitoring Express (1), Tivoli Monitoring Portal (3), Tivoli Monitoring Service (1), Tivoli Netcool (16), Tivoli Netcool Impact (10), Tivoli Netcool Security Manager (3), Tivoli Netcool System Service Monitors (2), Tivoli Netcool Webtop (1), Tivoli Netview (1), Tivoli Netview Services (1), Tivoli OMEGAMON XE (2), Tivoli OPC Tracker Agent (2), Tivoli Provisioning Manager (1), Tivoli Provisioning Manager Express (2), Tivoli Provisioning Manager Express for Software Distribution (2), Tivoli Provisioning Manager Os Deployment (4), Tivoli Remote Control (2), Tivoli Secureway Policy Director (3), Tivoli Security Directory Server (6), Tivoli Service Automation Manager (1), Tivoli Service Desk (1), Tivoli Service 
Request Manager (9), Tivoli Storage (1), Tivoli Storage FlashCopy Manager (5), Tivoli Storage Manager (44), Tivoli Storage Manager Client (5), Tivoli Storage Manager Express (3), Tivoli Storage Manager Fastback (48), Tivoli Storage Manager For Space Management (1), Tivoli Storage Manager HSM (1), Tivoli Storage Manager Hsm (1), Tivoli Storage Manager Operations Center (4), Tivoli Storage Manager Server (1), Tivoli Storage Manager Windows Client (1), Tivoli Storage Manager for Space Management (3), Tivoli Storage Manager for Virtual Environments (5), Tivoli Storage Manger for Virtual Environments (2), Tivoli Storage Productivity Center (7), Tivoli Workload Automation for AIX (1), Tivoli Workload Scheduler (5), Tivoli_continuous_data_protection_for_files (1), TotalStorage DS400 (1), Transformation Extender Advanced (1), Traveler (1), Trusteer Android SDK (1), Trusteer Rapport (1), Trusteer iOS SDK (1), Ts3100 Tape Library (1), U2 Universe (4), Unified Extensible Firmware Interface (1), UpdateXpress System Packs Installer (1), UrbanCode (1), UrbanCode Build (2), UrbanCode Deploy (53), V5R4 (1), VIOS (51), Verify Gateway (8), Visualage for Java (1), WEBi (4), Water Operations for Waternamics (3), Watson CP4D Data Stores (5), Watson CloudPak for Data Data Stores (1), Watson Developer Cloud (1), Watson IoT Message Gateway (1), Watson IoT Platform (1), Watson Knowledge Catalog on Cloud Pak for Data (3), Watson Machine Learning on Cloud Pak for Data (1), Watson Query (1), Watson Query for Cloud Pak for Data (1), Watson Speech Services Cartridge for Cloud Pak for Data (1), Watson Studio Local (3), Web Conferencing (1), Web Content Manager (3), Web Experience Factory (2), WebShere MQ (1), WebSphere (22), WebSphere Application Liberty (2), WebSphere Application Server (429), WebSphere Application Server Liberty (24), WebSphere Application Server ND (1), WebSphere Automation (2), WebSphere Automation for Cloud Pak for Watson AIOps (1), WebSphere Automation for IBM Cloud Pak 
for Watson AIOps (2), WebSphere Business Events (1), WebSphere Business Modeler (1), WebSphere Cast Iron (3), WebSphere Cast Iron Cloud Integration (1), WebSphere Commerce (41), WebSphere Commerce Enterprise (6), WebSphere Commerce Suite (3), WebSphere Dashboard Framework (1), WebSphere DataPower (4), WebSphere DataPower Appliance (1), WebSphere DataPower XC10 (13), WebSphere DataPower XC10 appliance (4), WebSphere DataPower XML Security Gateway XS40 (1), WebSphere Edge Server (1), WebSphere Host On-Demand (1), WebSphere ILOG JRules (1), WebSphere ILOG Rule Team Server (2), WebSphere MQ (78), WebSphere MQIPT (1), WebSphere MQ Internet Pass-Thru (1), WebSphere MQ Light (3), WebSphere Message (3), WebSphere Message Broker (15), WebSphere Message Broker SOAP FLOWS (1), WebSphere Message Broker Toolkit (1), WebSphere Partner Gateway (3), WebSphere Plugin (1), WebSphere Portal (116), WebSphere Process Server (2), WebSphere Real Time (1), WebSphere Service Registry (19), WebSphere Transformation Extender (1), WebSphere Virtual Enterprise (1), WebSphere eXtreme Scale (19), WebSphere eXtreme Scale Client (1), Websphere Caching Proxy Server (4), Websphere Commerce Suite (1), Websphere Datapower Datapower Integration Appliance Xi50 (1), Websphere Datapower Soa Appliance (1), Websphere Datapower Xc10 Appliance (2), Websphere MQ Explorer (1), Websphere Mq Internet Pass Thru (1), Worklight (5), Workload Automation (2), Workload Deployer (2), Workload Scheduler (3), Workload Scheduler Distributed (1), Workplace Content Management (1), Workplace Web Content Management (2), XIV Storage System (1), XIV Storage System Gen3 (2), access (1), acpRunner ActiveX (1), al Transaction Manager for SWIFT Services (1), alphaWorks TFTP Server (1), dashDB (1), db2 (8), eDiscovery Manager (1), eGatherer (1), hardware management console (1), i (28), i2 Analyst's Notebook (2), i2 Analyst Notebook (10), i2 Analysts Notebook Premium (6), i2 Analyze (1), i2 Enterprise Insight Analysis (3), i2 
Intelligent Analyis Platform (16), i2 iBase (4), i Access (7), i Access Client Solutions (4), i Access Family (1), iNotes (32), i OSPF (1), iSeries AS400 (2), invscout.rte (1), solidDB (13), webMethods Integration (3), z (1), zSeries (1)

Link to Vendor Website: https://www.ibm.com/

| Published | Base | Temp | Vulnerability | Prod | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 12/07/2024 | 4.9 | 4.9 | IBM QRadar SIEM Web UI cross site scripting | Log Management Software | Not Defined | Official Fix | 0.00000 | 0.69+ | CVE-2024-47107 |
| 12/07/2024 | 7.8 | 7.6 | IBM AIX/VIOS os command injection | Operating System | Not Defined | Official Fix | 0.00000 | 2.02 | CVE-2024-47115 |
| 12/07/2024 | 5.3 | 5.2 | IBM DB2/DB2 Connect Server Query memory allocation | Database Software | Not Defined | Official Fix | 0.00000 | 0.74 | CVE-2024-41762 |
| 12/07/2024 | 4.2 | 4.1 | IBM DB2/DB2 Connect Server Query memory allocation | Database Software | Not Defined | Official Fix | 0.00000 | 0.69 | CVE-2024-37071 |
| 12/04/2024 | 8.8 | 8.6 | IBM App Connect Enterprise Certified Container Request os command injection | Virtualization Software | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2024-51465 |
| 12/03/2024 | 4.3 | 4.2 | IBM Cognos Controller type distinction | Business Process Management Software | Not Defined | Official Fix | 0.00043 | 0.78 | CVE-2024-45676 |
| 12/03/2024 | 5.4 | 5.3 | IBM Cognos Controller cross-site request forgery | Business Process Management Software | Not Defined | Official Fix | 0.00043 | 0.08 | CVE-2024-41776 |
| 12/03/2024 | 4.8 | 4.7 | IBM Cognos Controller Cryptographic Algorithm risky encryption | Business Process Management Software | Not Defined | Official Fix | 0.00043 | 0.92 | CVE-2024-41775 |
| 12/03/2024 | 6.4 | 6.3 | IBM Cognos Controller hard-coded credentials | Business Process Management Software | Not Defined | Official Fix | 0.00043 | 0.66 | CVE-2024-41777 |
| 12/03/2024 | 5.5 | 5.4 | IBM Cognos Controller Filetype Attachment unrestricted upload | Business Process Management Software | Not Defined | Official Fix | 0.00043 | 0.48 | CVE-2024-25020 |
| 12/03/2024 | 4.3 | 4.2 | IBM Cognos Controller authentication bypass | Business Process Management Software | Not Defined | Official Fix | 0.00043 | 1.00 | CVE-2024-25036 |
| 12/03/2024 | 5.3 | 5.2 | IBM Cognos Controller exposure of sensitive system information to an unauthorized control sphere | Business Process Management Software | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-25035 |
| 12/03/2024 | 6.7 | 6.6 | IBM Cognos Controller Web Interface unrestricted upload | Business Process Management Software | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-40691 |
| 12/03/2024 | 5.5 | 5.4 | IBM Cognos Controller Journal Entry Attachment unrestricted upload | Business Process Management Software | Not Defined | Official Fix | 0.00043 | 0.83 | CVE-2024-25019 |
| 12/03/2024 | 4.8 | 4.7 | IBM Cognos Controller cleartext transmission | Business Process Management Software | Not Defined | Official Fix | 0.00043 | 0.38 | CVE-2021-29892 |
| 11/29/2024 | 8.3 | 8.2 | IBM Security Verify Access hard-coded credentials | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-49806 |
| 11/29/2024 | 8.3 | 8.2 | IBM Security Verify Access hard-coded credentials | Unknown | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2024-49805 |
| 11/29/2024 | 9.3 | 9.1 | IBM Security Verify Access Request os command injection | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-49803 |
| 11/29/2024 | 7.8 | 7.6 | IBM Security Verify Access unnecessary privileges | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-49804 |
| 11/26/2024 | 4.4 | 4.3 | IBM Workload Scheduler credentials storage | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-49351 |
| 11/26/2024 | 8.0 | 7.8 | IBM Data Virtualization Manager for zOS JDBC URL Parameter code injection | Virtualization Software | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-52899 |
| 11/26/2024 | 6.7 | 6.6 | IBM Watson Speech Services Cartridge for Cloud Pak for Data race condition | Cloud Software | Not Defined | Official Fix | 0.00043 | 0.09 | CVE-2024-49353 |
| 11/25/2024 | 5.3 | 5.2 | IBM Jazz Foundation HTTP Request privileges assignment | Programming Tool Software | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2023-26280 |
| 11/25/2024 | 5.2 | 5.1 | IBM Jazz Foundation Web UI cross site scripting | Programming Tool Software | Not Defined | Official Fix | 0.00043 | 0.38 | CVE-2023-45181 |
| 11/23/2024 | 4.3 | 4.2 | IBM Watson Query for Cloud Pak for Data session expiration | Cloud Software | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2024-35160 |
| 11/23/2024 | 5.3 | 5.2 | IBM DB2/DB2 Connect Server Query memory allocation | Database Software | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2024-41761 |
| 11/22/2024 | 3.4 | 3.4 | IBM PowerVM Hypervisor HMC exposure of sensitive system information to an unauthorized control sphere | Unknown | Not Defined | Official Fix | 0.00043 | 0.13 | CVE-2024-41781 |
| 11/22/2024 | 8.9 | 8.7 | IBM Engineering Systems Design Rhapsody Request toctou | Unknown | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-41779 |
| 11/21/2024 | 6.5 | 6.3 | IBM DB2/DB2 Connect Server Query denial of service | Database Software | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-45663 |
| 11/19/2024 | 3.5 | 3.4 | IBM Concert Software incorrect user management | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-52359 |
| 11/19/2024 | 4.3 | 4.2 | IBM Concert Software exposure of private personal information to an unauthorized actor | Unknown | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2024-37070 |
| 11/19/2024 | 6.9 | 6.8 | IBM Concert Software sql injection | Unknown | Not Defined | Official Fix | 0.00048 | 0.10 | CVE-2024-52360 |
| 11/15/2024 | 7.7 | 7.6 | IBM Engineering Insights xml external entity reference | Unknown | Not Defined | Official Fix | 0.00087 | 0.07 | CVE-2024-39726 |
| 11/15/2024 | 6.4 | 6.3 | IBM Sterling Secure Proxy URL path traversal | Business Process Management Software | Not Defined | Official Fix | 0.00090 | 0.04 | CVE-2024-41784 |
| 11/15/2024 | 5.2 | 5.1 | IBM Concert Software Web UI cross site scripting | Unknown | Not Defined | Official Fix | 0.00046 | 0.08 | CVE-2024-41785 |
| 11/15/2024 | 4.8 | 4.7 | IBM Concert Software risky encryption | Unknown | Not Defined | Official Fix | 0.00087 | 0.05 | CVE-2024-43189 |
| 11/14/2024 | 3.4 | 3.4 | IBM Security ReaQta Web UI cross site scripting | Unknown | Not Defined | Official Fix | 0.00045 | 0.18 | CVE-2024-45099 |
| 11/14/2024 | 4.8 | 4.7 | IBM Security ReaQta Web UI cross-domain policy | Unknown | Not Defined | Official Fix | 0.00046 | 0.13 | CVE-2024-45642 |
| 11/14/2024 | 6.4 | 6.4 | IBM Security SOAR password recovery | Unknown | Not Defined | Official Fix | 0.00091 | 0.17 | CVE-2024-45670 |
| 11/11/2024 | 3.6 | 3.5 | IBM WebSphere Application Server Web UI cross site scripting | Application Server Software | Not Defined | Official Fix | 0.00045 | 0.06 | CVE-2024-45087 |
| 11/11/2024 | 5.1 | 5.1 | IBM Maximo Asset Management Web UI cross site scripting | Asset Management Software | Not Defined | Official Fix | 0.00045 | 0.14 | CVE-2024-45088 |
| 11/06/2024 | 4.8 | 4.7 | IBM Maximo Application Suite Monitor cross site scripting | Asset Management Software | Not Defined | Official Fix | 0.00045 | 0.05 | CVE-2024-35146 |
| 11/04/2024 | 5.1 | 5.0 | IBM WebSphere Application Server xml external entity reference | Application Server Software | Not Defined | Official Fix | 0.00048 | 0.07 | CVE-2024-45086 |
| 11/01/2024 | 5.4 | 5.3 | IBM CICS TX Standard cross-site request forgery | Unknown | Not Defined | Official Fix | 0.00048 | 0.03 | CVE-2024-41744 |
| 11/01/2024 | 5.2 | 5.1 | IBM CICS TX Standard Web UI cross site scripting | Unknown | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2024-41745 |
| 11/01/2024 | 4.8 | 4.7 | IBM TXSeries for Multiplatforms Query String get request method with sensitive query strings | Unknown | Not Defined | Official Fix | 0.00087 | 0.07 | CVE-2024-41738 |
| 11/01/2024 | 4.5 | 4.4 | IBM TXSeries for Multiplatforms timing discrepancy | Unknown | Not Defined | Official Fix | 0.00046 | 0.00 | CVE-2024-41741 |
| 10/29/2024 | 9.8 | 9.6 | IBM Flexible Service Processor FSP hard-coded credentials | Unknown | Not Defined | Official Fix | 0.00091 | 0.05 | CVE-2024-45656 |
| 10/24/2024 | 4.8 | 4.7 | IBM Maximo Application Suite Monitor hard-coded key | Asset Management Software | Not Defined | Official Fix | 0.00087 | 0.04 | CVE-2024-38314 |
| 10/23/2024 | 3.8 | 3.7 | IBM CICS Transaction Gateway for Multiplatforms insufficiently protected credentials | Unknown | Not Defined | Official Fix | 0.00087 | 0.05 | CVE-2023-50310 |

7370 more entries are not shown
