Filtered by vendor Ibm
Subscribe
Total
7127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-22876 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | N/A | 6.5 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364. | |||||
CVE-2022-41732 | 1 Ibm | 1 Maximo Application Suite | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407. | |||||
CVE-2022-43923 | 1 Ibm | 1 Maximo Application Suite | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584. | |||||
CVE-2023-26284 | 1 Ibm | 1 Mq Certified Container | 2024-02-28 | N/A | 8.8 HIGH |
IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417. | |||||
CVE-2022-40615 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2024-02-28 | N/A | 9.8 CRITICAL |
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208. | |||||
CVE-2022-43859 | 1 Ibm | 1 I | 2024-02-28 | N/A | 4.3 MEDIUM |
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304. | |||||
CVE-2022-43849 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | N/A | 6.2 MEDIUM |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170. | |||||
CVE-2022-43875 | 2 Ibm, Linux | 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. | |||||
CVE-2023-22591 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation As A Service | 2024-02-28 | N/A | 3.2 LOW |
IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710. | |||||
CVE-2020-4556 | 1 Ibm | 1 Financial Transaction Manager | 2024-02-28 | N/A | 3.3 LOW |
IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 183329. | |||||
CVE-2022-43581 | 1 Ibm | 1 Content Navigator | 2024-02-28 | N/A | 8.8 HIGH |
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805. | |||||
CVE-2022-43902 | 1 Ibm | 1 Mq Appliance | 2024-02-28 | N/A | 7.5 HIGH |
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832. | |||||
CVE-2022-41740 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2024-02-28 | N/A | 4.6 MEDIUM |
IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053. | |||||
CVE-2022-46773 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak | 2024-02-28 | N/A | 6.5 MEDIUM |
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951. | |||||
CVE-2022-32750 | 1 Ibm | 1 Datapower Gateway | 2024-02-28 | N/A | 5.4 MEDIUM |
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228435. | |||||
CVE-2022-38705 | 1 Ibm | 1 Cics Tx | 2024-02-28 | N/A | 6.1 MEDIUM |
IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172. | |||||
CVE-2022-22464 | 1 Ibm | 1 Security Verify Access | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. | |||||
CVE-2022-40234 | 1 Ibm | 1 Spectrum Protect Plus | 2024-02-28 | N/A | 5.9 MEDIUM |
Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718. | |||||
CVE-2022-22455 | 1 Ibm | 1 Security Verify Governance | 2024-02-28 | N/A | 9.8 CRITICAL |
IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 224989. | |||||
CVE-2022-36771 | 1 Ibm | 1 Qradar User Behavior Analytics | 2024-02-28 | N/A | 6.5 MEDIUM |
IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791. |