cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-37526,https://securityvulnerability.io/vulnerability/CVE-2024-37526,Sensitive Information Exposure in IBM Watson Query on Cloud Pak for Data,"An improper data protection mechanism within IBM Watson Query on Cloud Pak for Data allows authenticated users to access sensitive information from published objects. This vulnerability affects multiple versions of IBM Data Virtualization, potentially compromising the confidentiality of critical data assets.",IBM,Data Virtualization,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-27T21:53:04.621Z,0
CVE-2024-38320,https://securityvulnerability.io/vulnerability/CVE-2024-38320,Cryptographic Vulnerability in IBM Storage Protect for Virtual Environments,"IBM Storage Protect for Virtual Environments, including the Data Protection for VMware and the Backup-Archive Client versions 8.1.0.0 through 8.1.23.0, utilizes cryptographic algorithms that are weaker than expected. This vulnerability may allow an unauthorized attacker to decrypt highly sensitive information, posing a significant risk to the confidentiality of the data being protected.",IBM,"Storage Protect For Virtual Environments: Data Protection For Vmware,Storage Protect Backup-archive Client",5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-27T15:43:06.712Z,0
CVE-2024-52899,https://securityvulnerability.io/vulnerability/CVE-2024-52899,IBM Data Virtualization Manager for z/OS vulnerable to malicious JDBC URL injection,"IBM Data Virtualization Manager for z/OS versions 1.1 and 1.2 is susceptible to a vulnerability that permits an authenticated user to inject malicious JDBC URL parameters. This flaw could lead to unauthorized code execution on the server, exposing sensitive data and compromising system integrity. Proper security measures and updates are essential to mitigate these risks.",IBM,Data Virtualization Manager For Z/os,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T00:34:19.476Z,0
CVE-2024-38329,https://securityvulnerability.io/vulnerability/CVE-2024-38329,IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass,"IBM Storage Protect for Virtual Environments, specifically versions 8.1.0.0 through 8.1.22.0, is susceptible to a security vulnerability that may allow remote authenticated attackers to bypass critical security restrictions. This flaw arises from the inadequate validation of user permissions. A malicious actor could exploit this vulnerability through specially crafted requests. Potential consequences include unauthorized modifications of configuration settings, initiating or restoring backups, and the deletion of all historical backups via log rotation. This vulnerability poses significant risks to data integrity and recovery processes.",IBM,Storage Protect For Virtual Environments: Data Protection For Vmware,7.7,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-19T13:43:41.191Z,0
CVE-2021-38971,https://securityvulnerability.io/vulnerability/CVE-2021-38971,Data Masking Bypass in IBM Cloud Pak for Data Products,"IBM Data Virtualization on Cloud Pak for Data contains a vulnerability that could allow authorized users to circumvent data masking protections, potentially leading to the exposure of sensitive information. This issue impacts multiple versions of the product, raising concerns about data privacy and security for organizations utilizing these solutions. It is crucial for users to implement recommended security measures to mitigate the risks associated with this vulnerability.",IBM,Data Virtualization On Cloud Pak For Data,4.9,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2022-03-14T17:15:00.000Z,0
CVE-2015-7425,https://securityvulnerability.io/vulnerability/CVE-2015-7425,,"The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.",IBM,"Tivoli Storage Flashcopy Manager For Vmware,Tivoli Storage Manager For Virtual Environments Data Protection For Vmware",10,CRITICAL,0.007089999970048666,false,,false,false,false,,,false,false,,2016-02-21T18:00:00.000Z,0