Page 5 of 90 results (0.007 seconds)

CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0

IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251358 https://https://www.ibm.com/support/pages/node/6985837 •

CVSS: 6.2EPSS: 0%CPEs: 10EXPL: 0

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250398 https://www.ibm.com/support/pages/node/6985835 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244510 https://www.ibm.com/support/pages/node/6987767 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241675 https://www.ibm.com/support/pages/node/6981113 •

CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0

IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248416 https://www.ibm.com/support/pages/node/6964836 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •