Vulnerabilities > IBM > Tivoli Workload Scheduler

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2022-22486 XXE vulnerability in IBM Tivoli Workload Scheduler 10.1/9.4/9.5
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2023-02-03 CVE-2022-38389 Unspecified vulnerability in IBM Tivoli Workload Scheduler 10.1/9.4/9.5
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm
critical
9.1
2021-08-09 CVE-2021-20349 Out-of-bounds Write vulnerability in IBM Tivoli Workload Scheduler 9.4/9.5
IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking.
local
low complexity
ibm CWE-787
5.3
2020-03-10 CVE-2019-4608 Cross-site Scripting vulnerability in IBM Tivoli Workload Scheduler 9.3
IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-10-16 CVE-2019-4031 Unspecified vulnerability in IBM Tivoli Workload Scheduler
IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges.
local
low complexity
ibm
7.8
2018-03-14 CVE-2018-1386 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Tivoli Workload Scheduler
IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges.
local
low complexity
ibm CWE-732
7.8
2017-12-13 CVE-2017-1716 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Tivoli Workload Scheduler 8.6/9.1/9.2
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings.
local
low complexity
ibm CWE-732
3.3