IBM Tivoli Workload Scheduler
By the Year
In 2024 there have been 0 vulnerabilities in IBM Tivoli Workload Scheduler . Last year Tivoli Workload Scheduler had 2 security vulnerabilities published. Right now, Tivoli Workload Scheduler is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 9.10 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 5.30 |
| 2020 | 1 | 5.40 |
| 2019 | 1 | 7.80 |
| 2018 | 1 | 7.80 |
It may take a day or so for new Tivoli Workload Scheduler vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Tivoli Workload Scheduler Security Vulnerabilities
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data
CVE-2022-38389
9.1 - Critical
- February 03, 2023
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975.
XXE
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data
CVE-2022-22486
9.1 - Critical
- February 03, 2023
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328.
XXE
IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking
CVE-2021-20349
5.3 - Medium
- August 09, 2021
IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 194599.
Memory Corruption
IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting
CVE-2019-4608
5.4 - Medium
- March 10, 2020
IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168508.
XSS
IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability
CVE-2019-4031
7.8 - High
- October 16, 2019
IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997.
IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions
CVE-2018-1386
7.8 - High
- March 14, 2018
IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208.
Incorrect Permission Assignment for Critical Resource
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Tivoli Workload Scheduler or by IBM? Click the Watch button to subscribe.
