Filtered by vendor Ibm
Subscribe
Total
7122 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22326 | 1 Ibm | 1 Ds8900f Firmware | 2024-10-15 | N/A | 6.3 MEDIUM |
IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: 279518. | |||||
CVE-2022-38714 | 1 Ibm | 2 Cloud Pak For Data, Datastage | 2024-10-10 | N/A | 4.9 MEDIUM |
IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060. | |||||
CVE-2022-34310 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-10-10 | N/A | 7.5 HIGH |
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441. | |||||
CVE-2023-45192 | 1 Ibm | 1 Doors Next | 2024-10-08 | N/A | 8.2 HIGH |
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758. | |||||
CVE-2024-37533 | 1 Ibm | 1 Infosphere Information Server | 2024-10-01 | N/A | 4.6 MEDIUM |
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. | |||||
CVE-2022-43845 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-09-30 | N/A | 7.5 HIGH |
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. | |||||
CVE-2021-38963 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-09-30 | N/A | 8.0 HIGH |
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. | |||||
CVE-2024-38324 | 1 Ibm | 1 Storage Defender | 2024-09-30 | N/A | 6.5 MEDIUM |
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system. | |||||
CVE-2024-43188 | 1 Ibm | 1 Business Automation Workflow | 2024-09-29 | N/A | 4.9 MEDIUM |
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. | |||||
CVE-2024-40703 | 1 Ibm | 2 Cognos Analytics, Cognos Analytics Reports | 2024-09-27 | N/A | 5.5 MEDIUM |
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. | |||||
CVE-2023-22862 | 1 Ibm | 2 Aspera Cargo, Aspera Connect | 2024-09-27 | N/A | 7.5 HIGH |
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | |||||
CVE-2023-47152 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2024-09-27 | N/A | 7.5 HIGH |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. | |||||
CVE-2023-47140 | 1 Ibm | 1 Cics Transaction Gateway | 2024-09-27 | N/A | 8.1 HIGH |
IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. | |||||
CVE-2023-33850 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2024-09-27 | N/A | 7.5 HIGH |
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. | |||||
CVE-2023-28956 | 2 Ibm, Microsoft | 2 Spectrum Protect Backup-archive Client, Windows | 2024-09-27 | N/A | 7.8 HIGH |
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. | |||||
CVE-2024-39733 | 1 Ibm | 1 Datacap | 2024-09-21 | N/A | 5.5 MEDIUM |
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972. | |||||
CVE-2024-37068 | 1 Ibm | 1 Maximo Application Suite | 2024-09-21 | N/A | 7.5 HIGH |
IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques. | |||||
CVE-2024-35136 | 1 Ibm | 1 Db2 | 2024-09-21 | N/A | 6.5 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307. | |||||
CVE-2024-35133 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-09-21 | N/A | 8.2 HIGH |
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
CVE-2024-31882 | 1 Ibm | 1 Db2 | 2024-09-21 | N/A | 6.5 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614. |