Filtered by vendor Ibm
Total: 7122 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-40687 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809. | |||||
CVE-2023-40692 | 1 Ibm | 1 Db2 | 2024-02-28 | N/A | 7.5 HIGH |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807. | |||||
CVE-2023-50933 | 1 Ibm | 1 Powersc | 2024-02-28 | N/A | 6.1 MEDIUM |
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113. | |||||
CVE-2023-32328 | 1 Ibm | 1 Security Verify Access | 2024-02-28 | N/A | 9.8 CRITICAL |
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254957. | |||||
CVE-2023-42015 | 1 Ibm | 1 Urbancode Deploy | 2024-02-28 | N/A | 4.3 MEDIUM |
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512. | |||||
CVE-2023-43064 | 1 Ibm | 1 I | 2024-02-28 | N/A | 7.8 HIGH |
Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689. | |||||
CVE-2023-31002 | 1 Ibm | 1 Security Access Manager Container | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | |||||
CVE-2023-50950 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | N/A | 5.3 MEDIUM |
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709. | |||||
CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2024-02-28 | N/A | 9.8 CRITICAL |
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. | |||||
CVE-2023-26024 | 1 Ibm | 1 Planning Analytics On Cloud Pak For Data | 2024-02-28 | N/A | 6.5 MEDIUM |
IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. | |||||
CVE-2023-42013 | 1 Ibm | 1 Urbancode Deploy | 2024-02-28 | N/A | 5.3 MEDIUM |
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510. | |||||
CVE-2023-47143 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-02-28 | N/A | 9.8 CRITICAL |
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270. | |||||
CVE-2023-31006 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-02-28 | N/A | 7.5 HIGH |
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to denial of service attacks on the DSC server. IBM X-Force ID: 254776. | |||||
CVE-2023-45184 | 1 Ibm | 1 I Access Client Solutions | 2024-02-28 | N/A | 7.5 HIGH |
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270. | |||||
CVE-2023-45191 | 1 Ibm | 1 Engineering Lifecycle Optimization | 2024-02-28 | N/A | 7.5 HIGH |
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. | |||||
CVE-2023-46159 | 1 Ibm | 1 Storage Ceph | 2024-02-28 | N/A | 6.5 MEDIUM |
IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. | |||||
CVE-2023-42009 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-02-28 | N/A | 5.4 MEDIUM |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504. | |||||
CVE-2023-26279 | 1 Ibm | 1 Qradar Wincollect | 2024-02-28 | N/A | 7.8 HIGH |
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160. | |||||
CVE-2023-25682 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034. | |||||
CVE-2023-47707 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-02-28 | N/A | 5.4 MEDIUM |
IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522. |