Filtered by vendor Ibm
Subscribe
Total
7122 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38927 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-02-28 | N/A | 6.1 MEDIUM |
IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322. | |||||
CVE-2023-40699 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161. | |||||
CVE-2023-28526 | 1 Ibm | 2 Informix Dynamic Server, Informix Dynamic Server On Cloud Pak For Data | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204. | |||||
CVE-2023-47722 | 1 Ibm | 1 Api Connect | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912. | |||||
CVE-2023-43016 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-02-28 | N/A | 7.3 HIGH |
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154. | |||||
CVE-2023-38727 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257. | |||||
CVE-2023-40691 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-02-28 | N/A | 4.9 MEDIUM |
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805. | |||||
CVE-2023-47741 | 1 Ibm | 2 Db2 Mirror For I, I | 2024-02-28 | N/A | 5.3 MEDIUM |
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532. | |||||
CVE-2023-47703 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-02-28 | N/A | 5.3 MEDIUM |
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197. | |||||
CVE-2023-42012 | 1 Ibm | 1 Urbancode Deploy | 2024-02-28 | N/A | 5.5 MEDIUM |
An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509. | |||||
CVE-2023-47148 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-02-28 | N/A | 7.5 HIGH |
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599. | |||||
CVE-2023-38003 | 1 Ibm | 1 Db2 | 2024-02-28 | N/A | 7.2 HIGH |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214. | |||||
CVE-2024-23621 | 1 Ibm | 1 Merge Efilm Workstation | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. | |||||
CVE-2023-42016 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | N/A | 4.3 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. | |||||
CVE-2021-39008 | 1 Ibm | 1 Qradar Wincollect | 2024-02-28 | N/A | 4.9 MEDIUM |
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551. | |||||
CVE-2023-47704 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. | |||||
CVE-2023-47144 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-02-28 | N/A | 6.1 MEDIUM |
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271. | |||||
CVE-2023-32337 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-02-28 | N/A | 5.4 MEDIUM |
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288. | |||||
CVE-2023-50327 | 1 Ibm | 1 Powersc | 2024-02-28 | N/A | 5.3 MEDIUM |
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109. | |||||
CVE-2023-42006 | 1 Ibm | 1 I | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266. |