Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45647 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-01-29 | N/A | 5.6 MEDIUM |
|
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.
|
|||||
| CVE-2023-26285 | 1 Ibm | 1 Mq Appliance | 2025-01-29 | N/A | 5.9 MEDIUM |
|
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.
|
|||||
| CVE-2023-24958 | 1 Ibm | 6 3948-ved, 3948-ved Firmware, 3957-vec and 3 more | 2025-01-29 | N/A | 8.8 HIGH |
|
A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320.
|
|||||
| CVE-2023-23470 | 1 Ibm | 1 I | 2025-01-29 | N/A | 6.4 MEDIUM |
|
IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510.
|
|||||
| CVE-2020-4914 | 1 Ibm | 1 Cloud Pak System | 2025-01-29 | N/A | 4.2 MEDIUM |
|
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.
|
|||||
| CVE-2023-24957 | 1 Ibm | 1 Business Automation Workflow | 2025-01-29 | N/A | 5.4 MEDIUM |
|
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115.
|
|||||
| CVE-2022-43877 | 1 Ibm | 1 Urbancode Deploy | 2025-01-29 | N/A | 5.1 MEDIUM |
|
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148.
|
|||||
| CVE-2022-43866 | 1 Ibm | 1 Maximo Asset Management | 2025-01-29 | N/A | 5.4 MEDIUM |
|
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436.
|
|||||
| CVE-2024-22356 | 1 Ibm | 3 App Connect Enterprise, Integration Bus, Z\/os | 2025-01-28 | N/A | 4.9 MEDIUM |
|
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.
|
|||||
| CVE-2024-28781 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-01-27 | N/A | 5.4 MEDIUM |
|
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654.
|
|||||
| CVE-2023-35888 | 1 Ibm | 1 Security Verify Governance | 2025-01-27 | N/A | 5.9 MEDIUM |
|
IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375.
|
|||||
| CVE-2023-27870 | 1 Ibm | 1 Spectrum Virtualize | 2025-01-24 | N/A | 5.9 MEDIUM |
|
IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518.
|
|||||
| CVE-2023-27554 | 1 Ibm | 1 Websphere Application Server | 2025-01-24 | N/A | 6.3 MEDIUM |
|
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.
|
|||||
| CVE-2023-28517 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2025-01-22 | N/A | 5.4 MEDIUM |
|
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250421.
|
|||||
| CVE-2022-42443 | 1 Ibm | 2 Trusteer Android Sdk For Mobile, Trusteer Ios Sdk For Mobile | 2025-01-22 | N/A | 2.2 LOW |
|
An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535.
|
|||||
| CVE-2024-47115 | 1 Ibm | 2 Aix, Vios | 2025-01-21 | N/A | 7.8 HIGH |
|
IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input.
|
|||||
| CVE-2023-26280 | 1 Ibm | 1 Jazz Foundation | 2025-01-16 | N/A | 5.3 MEDIUM |
|
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.
|
|||||
| CVE-2024-22345 | 1 Ibm | 1 Txseries For Multiplatform | 2025-01-14 | N/A | 6.2 MEDIUM |
|
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192.
|
|||||
| CVE-2024-22343 | 1 Ibm | 1 Txseries For Multiplatform | 2025-01-14 | N/A | 4.0 MEDIUM |
|
IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190.
|
|||||
| CVE-2023-47712 | 1 Ibm | 1 Security Guardium | 2025-01-14 | N/A | 7.8 HIGH |
|
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527.
|
|||||
| CVE-2023-47711 | 1 Ibm | 1 Security Guardium | 2025-01-14 | N/A | 2.7 LOW |
|
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: 271526.
|
|||||
| CVE-2023-47709 | 1 Ibm | 1 Security Guardium | 2025-01-14 | N/A | 9.1 CRITICAL |
|
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524.
|
|||||
| CVE-2024-22328 | 1 Ibm | 1 Maximo Application Suite | 2025-01-14 | N/A | 7.5 HIGH |
|
IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 279950.
|
|||||
| CVE-2022-22399 | 1 Ibm | 1 Aspera Faspex | 2025-01-14 | N/A | 5.4 MEDIUM |
|
IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562.
|
|||||
| CVE-2023-37411 | 1 Ibm | 1 Aspera Faspex | 2025-01-14 | N/A | 4.8 MEDIUM |
|
IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139.
|
|||||
| CVE-2023-38724 | 1 Ibm | 1 Cognos Controller | 2025-01-14 | N/A | 6.3 MEDIUM |
|
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183.
|
|||||
| CVE-2023-32335 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2025-01-14 | N/A | 3.7 LOW |
|
IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.
|
|||||
| CVE-2023-38723 | 1 Ibm | 1 Maximo Application Suite | 2025-01-14 | N/A | 6.4 MEDIUM |
|
IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192.
|
|||||
| CVE-2023-45181 | 1 Ibm | 1 Jazz Foundation | 2025-01-14 | N/A | 6.1 MEDIUM |
|
IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2024-51460 | 1 Ibm | 1 Infosphere Information Server | 2025-01-14 | N/A | 4.3 MEDIUM |
|
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.
|
|||||
| CVE-2024-39727 | 1 Ibm | 1 Engineering Lifecycle Optimization - Engineering Insights | 2025-01-10 | N/A | 6.1 MEDIUM |
|
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.
|
|||||
| CVE-2024-39725 | 1 Ibm | 1 Engineering Lifecycle Optimization - Engineering Insights | 2025-01-10 | N/A | 5.3 MEDIUM |
|
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
|
|||||
| CVE-2024-45082 | 1 Ibm | 1 Cognos Analytics | 2025-01-10 | N/A | 6.8 MEDIUM |
|
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3
could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.
|
|||||
| CVE-2024-41752 | 1 Ibm | 1 Cognos Analytics | 2025-01-10 | N/A | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
|
|||||
| CVE-2024-25042 | 1 Ibm | 1 Cognos Analytics | 2025-01-10 | N/A | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3
is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.
|
|||||
| CVE-2024-49819 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2025-01-10 | N/A | 4.1 MEDIUM |
|
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.
|
|||||
| CVE-2024-49820 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2025-01-10 | N/A | 3.7 LOW |
|
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
|
|||||
| CVE-2023-47710 | 1 Ibm | 1 Security Guardium | 2025-01-08 | N/A | 5.4 MEDIUM |
|
IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271525.
|
|||||
| CVE-2024-31895 | 1 Ibm | 1 App Connect Enterprise | 2025-01-08 | N/A | 4.3 MEDIUM |
|
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.
|
|||||
| CVE-2024-31894 | 1 Ibm | 1 App Connect Enterprise | 2025-01-08 | N/A | 4.3 MEDIUM |
|
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.
|
|||||