Filtered by vendor Ibm
Total: 7127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22494 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940. | |||||
CVE-2021-29859 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and revocation after another user logs out. IBM X-Force ID: 206081. | |||||
CVE-2022-22308 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891. | |||||
CVE-2021-38969 | 1 Ibm | 1 Spectrum Virtualize | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to gain unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609. | |||||
CVE-2022-22436 | 1 Ibm | 1 Maximo Asset Management | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164. | |||||
CVE-2021-20355 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891. | |||||
CVE-2022-31767 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980. | |||||
CVE-2021-39033 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213963. | |||||
CVE-2022-22356 | 1 Ibm | 1 Mq Appliance | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. | |||||
CVE-2022-22336 | 1 Ibm | 2 Sterling External Authentication Server, Sterling Secure Proxy | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395. | |||||
CVE-2022-22443 | 1 Ibm | 1 Infosphere Information Server | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440. | |||||
CVE-2022-25256 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL. | |||||
CVE-2021-39024 | 1 Ibm | 1 Guardium Data Encryption | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213862. | |||||
CVE-2022-22427 | 1 Ibm | 1 Infosphere Information Server | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720. | |||||
CVE-2021-38954 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414. | |||||
CVE-2022-22435 | 1 Ibm | 1 Maximo Asset Management | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2022-22396 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231. | |||||
CVE-2022-22321 | 1 Ibm | 1 Mq | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users are stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. | |||||
CVE-2022-22333 | 1 Ibm | 2 Sterling External Authentication Server, Sterling Secure Proxy | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133. | |||||
CVE-2022-31768 | 1 Ibm | 1 Infosphere Information Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. |