Filtered by vendor Ibm
Subscribe
Total
7127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-25930 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-02-28 | N/A | 5.9 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862. | |||||
CVE-2023-33846 | 3 Hp, Ibm, Linux | 5 Hp-ux, Aix, Cics Tx and 2 more | 2024-02-28 | N/A | 5.4 MEDIUM |
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100. | |||||
CVE-2023-27869 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-02-28 | N/A | 8.8 HIGH |
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517. | |||||
CVE-2023-27866 | 1 Ibm | 1 Informix Jdbc Driver | 2024-02-28 | N/A | 9.8 CRITICAL |
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511. | |||||
CVE-2021-39036 | 1 Ibm | 1 Cognos Analytics | 2024-02-28 | N/A | 6.1 MEDIUM |
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966. | |||||
CVE-2023-28958 | 1 Ibm | 1 Watson Knowledge Catalog On Cloud Pak For Data | 2024-02-28 | N/A | 7.8 HIGH |
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782. | |||||
CVE-2022-43871 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-02-28 | N/A | 5.4 MEDIUM |
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707. | |||||
CVE-2023-30446 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-02-28 | N/A | 7.5 HIGH |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361 . | |||||
CVE-2023-26277 | 1 Ibm | 1 Qradar Wincollect | 2024-02-28 | N/A | 7.8 HIGH |
IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges. IBM X-Force ID: 248156. | |||||
CVE-2020-4914 | 1 Ibm | 1 Cloud Pak System | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290. | |||||
CVE-2022-38707 | 1 Ibm | 1 Cognos Command Center | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179. | |||||
CVE-2022-41739 | 1 Ibm | 1 Spectrum Scale Container Native Storage Access | 2024-02-28 | N/A | 8.4 HIGH |
IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815. | |||||
CVE-2023-28528 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | N/A | 7.8 HIGH |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. | |||||
CVE-2023-25687 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-28 | N/A | 4.3 MEDIUM |
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602. | |||||
CVE-2023-24966 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | N/A | 6.1 MEDIUM |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904. | |||||
CVE-2023-27285 | 1 Ibm | 2 Aspera Cargo, Aspera Connect | 2024-02-28 | N/A | 7.8 HIGH |
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625. | |||||
CVE-2023-23482 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2024-02-28 | N/A | 9.6 CRITICAL |
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891. | |||||
CVE-2023-25689 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-28 | N/A | 5.3 MEDIUM |
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247618. | |||||
CVE-2023-30993 | 1 Ibm | 1 Cloud Pak For Security | 2024-02-28 | N/A | 7.5 HIGH |
IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136. | |||||
CVE-2022-33159 | 1 Ibm | 1 Security Directory Suite Va | 2024-02-28 | N/A | 6.5 MEDIUM |
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567. |