IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-06-18
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15
is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-06-18
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-06-22
A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-12-18
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
CVSS Score
5.9
EPSS Score
0.006
Published
2023-11-28
IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-06-16
IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239.
CVSS Score
4.4
EPSS Score
0.0
Published
2021-06-16
Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-02-23
IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to a insufficient input validation. IBM X-Force ID: 165589.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-08-28
IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-08-28
Page 1