IBM - HackerOne Reports
Total Reports: 40
Critical: 16
High: 8
Medium: 13
Low: 0
SQL Injection in IBM access control panel & Broken access in admin panel
Reported by:
thecyberguy0
|
Disclosed:
Critical
Weakness: SQL Injection
XSS in Aspera documentation website
Reported by:
onlyaviv
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - DOM
SQL injection in URL path processing on www.ibm.com
Reported by:
asterite
|
Disclosed:
Critical
Weakness: SQL Injection
Insecure Direct Object Reference Protection bypass by changing HTTP method in IBM Your Learning endpoint.
Reported by:
suryahss
|
Disclosed:
Critical
Weakness: Insecure Direct Object Reference (IDOR)
Subdomain Takeover Affecting at vex.weather.com
Reported by:
gdattacker
|
Disclosed:
Critical
Weakness: Improper Authentication - Generic
Public Jenkins instance with /script enabled
Reported by:
thesanjok
|
Disclosed:
Critical
Weakness: Improper Access Control - Generic
There is a POST based CSRF issue over IBM endpoint leading to modification of contact information.
Reported by:
youssifs7
|
Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
Information disclosure identified on IBM endpoint.
Reported by:
devire
|
Disclosed:
Medium
Weakness: Information Disclosure
IBM Maximo Asset Management could allow a remote attacker to bypass authentication due to improper access controls
Reported by:
ibrahimsyam1
|
Disclosed:
Medium
Weakness: Improper Access Control - Generic
sql injection via https://setup.p2p.ihost.com/
Reported by:
exploitmsf
|
Disclosed:
Critical
Weakness: SQL Injection
IBM OpenPages vulnerable to exposure of sensitive information
Reported by:
0xhassan
|
Disclosed:
Medium
Weakness: Improper Authentication - Generic
SSRF via host header let access localhost via https://go.dialexa.com
Reported by:
mersa-v6
|
Disclosed:
Medium
RXSS in hidden parameter
Reported by:
buggedout
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Unauthorized Kubernetes to RCE (root) and found TEAMTNT Crypto Miner on it
Reported by:
un_kn0wn
|
Disclosed:
Critical
Middleware Authentication Bypass on IBM Portal
Reported by:
muhammadwaseem3
|
Disclosed:
Critical
Weakness: Command Injection - Generic
Improper Authentication on Alertmanager instance
Reported by:
nhx1
|
Disclosed:
Medium
Weakness: Improper Authentication - Generic
Jenkins server access due to weak password
Reported by:
bugoverflow
|
Disclosed:
High
Weakness: Improper Authentication - Generic
S3 Bucket Takeover on apptio endpoint
Reported by:
samurai_jack0
|
Disclosed:
Medium
Weakness: Improper Access Control - Generic
Nginx Alias Traversal - babel.bluetab.net
Reported by:
dk4trin
|
Disclosed:
High
Weakness: Path Traversal
CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability - https://esccvc.de.ibm.com
Reported by:
0xelkomy
|
Disclosed:
High
Weakness: Path Traversal