cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-42438,https://securityvulnerability.io/vulnerability/CVE-2022-42438,IBM Cloud Pak for Multicloud Management Monitoring privilege escalation,"An access control vulnerability in IBM Cloud Pak for Multicloud Management versions 2.0 and 2.3 allows unauthorized users to access administrative functionalities by manipulating URL paths. This flaw may lead to significant security risks as users without appropriate permissions could perform sensitive tasks, potentially compromising the integrity and management of the cloud environment.",IBM,Cloud Pak For Multicloud Management Monitoring,7.5,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-02-08T18:59:02.733Z,0
CVE-2022-43864,https://securityvulnerability.io/vulnerability/CVE-2022-43864,IBM Business Automation Workflow information disclosure,"IBM Business Automation Workflow version 22.0.2 is susceptible to a directory traversal vulnerability that enables an attacker to manipulate URL requests using 'dot dot' sequences (/../). This flaw allows unauthorized viewing of arbitrary files on the system, potentially exposing sensitive information. Proper input validation and safeguarding techniques are essential to mitigate the risk posed by this vulnerability, allowing for a more secure application environment.",IBM,Business Monitor,7.5,HIGH,0.0013899999903514981,false,,false,false,false,,,false,false,,2023-01-26T21:17:00.000Z,0
CVE-2021-38941,https://securityvulnerability.io/vulnerability/CVE-2021-38941,Privileged Mode Vulnerability in IBM CloudPak for Multicloud Monitoring,"The IBM CloudPak for Multicloud Monitoring versions 2.0 and 2.3 are exposed to a security risk due to the presence of several containers operating in privileged mode. This issue can lead to host information leakage or potential destruction if unauthorized access is obtained, enabling attackers to execute arbitrary commands within the vulnerable containers. Organizations using this product are urged to review their security configurations and implement necessary updates to mitigate these risks.",IBM,Cloud Pak For Multicloud Management Monitoring,5.3,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2022-06-30T17:15:00.000Z,0
CVE-2021-20341,https://securityvulnerability.io/vulnerability/CVE-2021-20341,,IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513.,IBM,Cloud Pak For Multicloud Management Monitoring,5.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2021-03-09T15:15:00.000Z,0
CVE-2020-4173,https://securityvulnerability.io/vulnerability/CVE-2020-4173,,IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682.,IBM,Infosphere Guardium Activity Monitor,3.1,LOW,0.0007999999797903001,false,,false,false,false,,,false,false,,2020-07-09T19:15:00.000Z,0
CVE-2020-4311,https://securityvulnerability.io/vulnerability/CVE-2020-4311,,"IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083.",IBM,Tivoli Monitoring,7.4,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2020-04-23T15:15:00.000Z,0
CVE-2019-4592,https://securityvulnerability.io/vulnerability/CVE-2019-4592,,IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647.,IBM,Tivoli Monitoring,7.5,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2020-02-13T16:15:00.000Z,0
CVE-2019-4131,https://securityvulnerability.io/vulnerability/CVE-2019-4131,,IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270.,IBM,Monitoring,5.3,MEDIUM,0.0010499999625608325,false,,false,false,false,,,false,false,,2019-07-11T20:15:00.000Z,0
CVE-2017-1794,https://securityvulnerability.io/vulnerability/CVE-2017-1794,,IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.,IBM,Tivoli Monitoring,7.5,HIGH,0.0011699999449774623,false,,false,false,false,,,false,false,,2018-09-19T15:29:00.000Z,0
CVE-2017-1601,https://securityvulnerability.io/vulnerability/CVE-2017-1601,,"IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624.",IBM,Security Guardium Database Activity Monitor,9.8,CRITICAL,0.004999999888241291,false,,false,false,false,,,false,false,,2018-05-02T13:00:00.000Z,0
CVE-2017-1789,https://securityvulnerability.io/vulnerability/CVE-2017-1789,,IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.,IBM,Tivoli Monitoring V6,9.8,CRITICAL,0.001879999996162951,false,,false,false,false,,,false,false,,2018-03-22T12:29:00.000Z,0
CVE-2018-1441,https://securityvulnerability.io/vulnerability/CVE-2018-1441,,IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597.,IBM,Monitoring,6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2018-03-14T00:29:00.000Z,0
CVE-2016-0237,https://securityvulnerability.io/vulnerability/CVE-2016-0237,,IBM Security Guardium Database Activity Monitor 10 allows local users to obtain sensitive information by reading cached browser data. IBM X-Force ID: 110328.,IBM,Security Guardium Database Activity Monitor,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-03-12T21:00:00.000Z,0
CVE-2016-0235,https://securityvulnerability.io/vulnerability/CVE-2016-0235,,"IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326.",IBM,Security Guardium Database Activity Monitor,8.2,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-03-12T21:00:00.000Z,0
CVE-2018-1387,https://securityvulnerability.io/vulnerability/CVE-2018-1387,,IBM Application Performance Management for Monitoring & Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210.,IBM,Monitoring,5.3,MEDIUM,0.0011599999852478504,false,,false,false,false,,,false,false,,2018-03-08T16:29:00.000Z,0
CVE-2018-1442,https://securityvulnerability.io/vulnerability/CVE-2018-1442,,IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598.,IBM,Monitoring,4.3,MEDIUM,0.002259999979287386,false,,false,false,false,,,false,false,,2018-03-08T16:29:00.000Z,0
CVE-2017-1635,https://securityvulnerability.io/vulnerability/CVE-2017-1635,,"IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.",IBM,Tivoli Monitoring V6,8,HIGH,0.007449999917298555,false,,false,false,true,2021-03-04T19:52:48.000Z,true,false,false,,2017-12-13T18:29:00.000Z,0
CVE-2017-1182,https://securityvulnerability.io/vulnerability/CVE-2017-1182,,"IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493.",IBM,Tivoli Monitoring V6,7.5,HIGH,0.0013000000035390258,false,,false,false,false,,,false,false,,2017-07-17T13:18:00.000Z,0
CVE-2017-1181,https://securityvulnerability.io/vulnerability/CVE-2017-1181,,"IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487.",IBM,Tivoli Monitoring V6,7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2017-07-17T13:18:00.000Z,0
CVE-2017-1183,https://securityvulnerability.io/vulnerability/CVE-2017-1183,,"IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494.",IBM,Tivoli Monitoring V6,7.5,HIGH,0.0017999999690800905,false,,false,false,false,,,false,false,,2017-07-17T13:18:00.000Z,0
CVE-2016-6083,https://securityvulnerability.io/vulnerability/CVE-2016-6083,,IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.,IBM,Tivoli Monitoring V6,5.3,MEDIUM,0.0012000000569969416,false,,false,false,false,,,false,false,,2017-06-27T16:00:00.000Z,0
CVE-2016-5933,https://securityvulnerability.io/vulnerability/CVE-2016-5933,,IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.,IBM,Tivoli Monitoring V6,4.6,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2017-03-08T19:00:00.000Z,0
CVE-2016-2946,https://securityvulnerability.io/vulnerability/CVE-2016-2946,,"Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to gain privileges via unspecified vectors.",IBM,Tivoli Monitoring,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2016-12-01T11:00:00.000Z,0
CVE-2016-0239,https://securityvulnerability.io/vulnerability/CVE-2016-0239,,IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors.,IBM,Security Guardium Database Activity Monitor,8.8,HIGH,0.0017900000093504786,false,,false,false,false,,,false,false,,2016-10-22T01:00:00.000Z,0
CVE-2016-0241,https://securityvulnerability.io/vulnerability/CVE-2016-0241,,"IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP.",IBM,Security Guardium Database Activity Monitor,8.8,HIGH,0.002409999957308173,false,,false,false,false,,,false,false,,2016-10-22T01:00:00.000Z,0