Vulnerabilities > IBM > Tivoli Workload Scheduler
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-03 | CVE-2022-22486 | XXE vulnerability in IBM Tivoli Workload Scheduler 10.1/9.4/9.5 IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2023-02-03 | CVE-2022-38389 | XXE vulnerability in IBM Tivoli Workload Scheduler 10.1/9.4/9.5 IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2021-08-09 | CVE-2021-20349 | Out-of-bounds Write vulnerability in IBM Tivoli Workload Scheduler 9.4/9.5 IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 5.3 |
| 2020-03-10 | CVE-2019-4608 | Cross-site Scripting vulnerability in IBM Tivoli Workload Scheduler 9.3 IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. | 5.4 |
| 2019-10-16 | CVE-2019-4031 | Unspecified vulnerability in IBM Tivoli Workload Scheduler IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. | 7.8 |
| 2018-03-14 | CVE-2018-1386 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Tivoli Workload Scheduler IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. | 7.8 |
| 2017-12-13 | CVE-2017-1716 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Tivoli Workload Scheduler 8.6/9.1/9.2 IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. | 3.3 |