Filtered by vendor Ibm
Subscribe
Total
7122 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1621 | 1 Ibm | 1 Lotus Domino | 2024-08-08 | 4.3 MEDIUM | N/A |
| NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature | |||||
| CVE-2024-31881 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613. | |||||
| CVE-2023-29267 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612. | |||||
| CVE-2024-28762 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246. | |||||
| CVE-2024-25052 | 1 Ibm | 1 Jazz Reporting Service | 2024-08-07 | N/A | 4.4 MEDIUM |
| IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363. | |||||
| CVE-2024-39743 | 1 Ibm | 1 Mq Operator | 2024-08-07 | N/A | 7.5 HIGH |
| IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172. | |||||
| CVE-2024-39742 | 1 Ibm | 1 Mq Operator | 2024-08-07 | N/A | 9.8 CRITICAL |
| IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169. | |||||
| CVE-2010-4121 | 1 Ibm | 1 Tivoli Provisioning Manager Os Deployment | 2024-08-07 | 7.5 HIGH | N/A |
| The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only. | |||||
| CVE-2024-31916 | 1 Ibm | 1 Openbmc | 2024-08-06 | N/A | 7.5 HIGH |
| IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026. | |||||
| CVE-2023-42011 | 1 Ibm | 1 Sterling B2b Integrator | 2024-08-06 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. IBM X-Force ID: 265508. | |||||
| CVE-2014-9768 | 1 Ibm | 1 Tivoli Netview Access Services | 2024-08-06 | 9.0 HIGH | 8.8 HIGH |
| IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability | |||||
| CVE-2020-28198 | 1 Ibm | 1 Tivoli Storage Manager | 2024-08-04 | 4.4 MEDIUM | 7.0 HIGH |
| The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-27583 | 1 Ibm | 1 Infosphere Information Server | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2024-38329 | 1 Ibm | 1 Storage Protect For Virtual Environments | 2024-08-03 | N/A | 7.7 HIGH |
| IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994. | |||||
| CVE-2024-27275 | 1 Ibm | 1 I | 2024-08-03 | N/A | 7.8 HIGH |
| IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. IBM X-Force ID: 285203. | |||||
| CVE-2023-33860 | 1 Ibm | 1 Security Qradar Edr | 2024-08-02 | N/A | 5.3 MEDIUM |
| IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257702. | |||||
| CVE-2023-35006 | 1 Ibm | 1 Security Qradar Edr | 2024-08-02 | N/A | 5.4 MEDIUM |
| IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 297165. | |||||
| CVE-2022-32759 | 1 Ibm | 3 Security Directory Integrator, Security Directory Server, Security Verify Access | 2024-08-02 | N/A | 7.5 HIGH |
| IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. | |||||
| CVE-2024-28772 | 1 Ibm | 3 Security Directory Integrator, Security Directory Server, Security Verify Access | 2024-08-02 | N/A | 5.4 MEDIUM |
| IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. | |||||
| CVE-2024-35153 | 1 Ibm | 1 Websphere Application Server | 2024-08-02 | N/A | 4.8 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640. | |||||