Filtered by vendor Ibm
Subscribe
Total
7122 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-38321 | 1 Ibm | 1 Business Automation Workflow | 2024-09-06 | N/A | 6.5 MEDIUM |
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868. | |||||
CVE-2024-45098 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | N/A | 8.1 HIGH |
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | |||||
CVE-2024-45097 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | N/A | 7.1 HIGH |
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | |||||
CVE-2024-45096 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | N/A | 6.5 MEDIUM |
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. | |||||
CVE-2023-45167 | 1 Ibm | 2 Aix, Vios | 2024-09-03 | N/A | 5.5 MEDIUM |
IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965. | |||||
CVE-2024-39751 | 1 Ibm | 1 Infosphere Information Server | 2024-08-29 | N/A | 4.3 MEDIUM |
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429 | |||||
CVE-2023-38018 | 1 Ibm | 1 Aspera Shares | 2024-08-29 | N/A | 5.4 MEDIUM |
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574. | |||||
CVE-2024-31905 | 1 Ibm | 1 Qradar Network Packet Capture | 2024-08-28 | N/A | 5.9 MEDIUM |
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 289858. | |||||
CVE-2024-41773 | 1 Ibm | 1 Global Configuration Management | 2024-08-26 | N/A | 6.5 MEDIUM |
IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls. | |||||
CVE-2024-41774 | 1 Ibm | 1 Common Licensing | 2024-08-24 | N/A | 4.8 MEDIUM |
IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348. | |||||
CVE-2024-22333 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-08-24 | N/A | 3.3 LOW |
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973. | |||||
CVE-2023-38368 | 1 Ibm | 1 Security Access Manager | 2024-08-24 | N/A | 5.5 MEDIUM |
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195. | |||||
CVE-2023-35022 | 1 Ibm | 1 Infosphere Information Server | 2024-08-24 | N/A | 3.3 LOW |
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254. | |||||
CVE-2023-30998 | 1 Ibm | 1 Security Access Manager | 2024-08-24 | N/A | 7.8 HIGH |
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649. | |||||
CVE-2023-30997 | 1 Ibm | 1 Security Access Manager | 2024-08-24 | N/A | 7.8 HIGH |
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638. | |||||
CVE-2023-30430 | 1 Ibm | 1 Security Verify Access | 2024-08-24 | N/A | 5.5 MEDIUM |
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183. | |||||
CVE-2023-50314 | 1 Ibm | 1 Websphere Application Server | 2024-08-23 | N/A | 7.5 HIGH |
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713. | |||||
CVE-2024-35152 | 1 Ibm | 1 Db2 | 2024-08-23 | N/A | 6.5 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639. | |||||
CVE-2024-37529 | 1 Ibm | 1 Db2 | 2024-08-23 | N/A | 6.5 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295. | |||||
CVE-2024-35151 | 1 Ibm | 2 Openpages Grc Platform, Openpages With Watson | 2024-08-23 | N/A | 6.5 MEDIUM |
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. |