Filtered by vendor Ibm
Subscribe
Total
7127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43906 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-02-28 | N/A | 5.3 MEDIUM |
| IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897. | |||||
| CVE-2023-40377 | 1 Ibm | 1 I | 2024-02-28 | N/A | 7.8 HIGH |
| Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583. | |||||
| CVE-2023-37410 | 1 Ibm | 1 Person Communications | 2024-02-28 | N/A | 7.8 HIGH |
| IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138. | |||||
| CVE-2023-38721 | 1 Ibm | 1 I | 2024-02-28 | N/A | 7.8 HIGH |
| The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173. | |||||
| CVE-2022-43831 | 1 Ibm | 1 Spectrum Scale Container Native Storage Access | 2024-02-28 | N/A | 7.8 HIGH |
| IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941. | |||||
| CVE-2023-38733 | 3 Ibm, Microsoft, Redhat | 3 Robotic Process Automation, Windows, Openshift | 2024-02-28 | N/A | 4.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293. | |||||
| CVE-2023-33840 | 1 Ibm | 1 Security Verify Governance | 2024-02-28 | N/A | 4.8 MEDIUM |
| IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037. | |||||
| CVE-2023-22595 | 1 Ibm | 2 B2b Advanced Communications, Multi-enterprise Integration Gateway | 2024-02-28 | N/A | 5.4 MEDIUM |
| IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076. | |||||
| CVE-2023-38276 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2024-02-28 | N/A | 7.5 HIGH |
| IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736. | |||||
| CVE-2023-40372 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499. | |||||
| CVE-2023-35901 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2024-02-28 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. | |||||
| CVE-2023-40378 | 1 Ibm | 1 I | 2024-02-28 | N/A | 7.8 HIGH |
| IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584. | |||||
| CVE-2023-25929 | 1 Ibm | 1 Cognos Analytics | 2024-02-28 | N/A | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861. | |||||
| CVE-2023-30987 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440. | |||||
| CVE-2022-43891 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-02-28 | N/A | 5.3 MEDIUM |
| IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 240454. | |||||
| CVE-2023-28513 | 5 Hp, Ibm, Linux and 2 more | 9 Hp-ux, Aix, I and 6 more | 2024-02-28 | N/A | 7.5 HIGH |
| IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. | |||||
| CVE-2023-40370 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2024-02-28 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470. | |||||
| CVE-2022-33164 | 1 Ibm | 1 Security Directory Server | 2024-02-28 | N/A | 9.1 CRITICAL |
| IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579. | |||||
| CVE-2023-35019 | 1 Ibm | 1 Security Verify Governance | 2024-02-28 | N/A | 8.8 HIGH |
| IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873. | |||||
| CVE-2022-33161 | 1 Ibm | 4 Security Directory Integrator, Security Directory Server, Security Directory Suite and 1 more | 2024-02-28 | N/A | 5.9 MEDIUM |
| IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569. | |||||