Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38728 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.
|
|||||
| CVE-2023-38727 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.
|
|||||
| CVE-2023-38722 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2024-11-21 | N/A | 6.4 MEDIUM |
|
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174.
|
|||||
| CVE-2023-38721 | 1 Ibm | 1 I | 2024-11-21 | N/A | 8.4 HIGH |
|
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173.
|
|||||
| CVE-2023-38720 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.
|
|||||
| CVE-2023-38719 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 5.1 MEDIUM |
|
IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607.
|
|||||
| CVE-2023-38718 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | N/A | 3.7 LOW |
|
IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.
|
|||||
| CVE-2023-38364 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | N/A | 6.1 MEDIUM |
|
IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260821.
|
|||||
| CVE-2023-38363 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818.
|
|||||
| CVE-2023-38361 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | N/A | 5.9 MEDIUM |
|
IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770.
|
|||||
| CVE-2023-38280 | 1 Ibm | 1 Hardware Management Console | 2024-11-21 | N/A | 8.4 HIGH |
|
IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740.
|
|||||
| CVE-2023-38276 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2024-11-21 | N/A | 5.9 MEDIUM |
|
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.
|
|||||
| CVE-2023-38275 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2024-11-21 | N/A | 5.9 MEDIUM |
|
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.
|
|||||
| CVE-2023-38273 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | N/A | 7.5 HIGH |
|
IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733.
|
|||||
| CVE-2023-38268 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585.
|
|||||
| CVE-2023-38263 | 1 Ibm | 1 Soar Qradar Plugin App | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577.
|
|||||
| CVE-2023-38020 | 1 Ibm | 1 Soar Qradar Plugin App | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576.
|
|||||
| CVE-2023-38019 | 1 Ibm | 1 Soar Qradar Plugin App | 2024-11-21 | N/A | 8.1 HIGH |
|
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575.
|
|||||
| CVE-2023-38003 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A | 7.2 HIGH |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.
|
|||||
| CVE-2023-38001 | 1 Ibm | 1 Aspera Orchestrator | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260206.
|
|||||
| CVE-2023-37410 | 1 Ibm | 1 Person Communications | 2024-11-21 | N/A | 8.4 HIGH |
|
IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138.
|
|||||
| CVE-2023-37404 | 1 Ibm | 1 Observability With Instana | 2024-11-21 | N/A | 6.4 MEDIUM |
|
IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789.
|
|||||
| CVE-2023-37397 | 1 Ibm | 1 Aspera Faspex | 2024-11-21 | N/A | 3.6 LOW |
|
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.
|
|||||
| CVE-2023-35906 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.
|
|||||
| CVE-2023-35905 | 1 Ibm | 1 Filenet Content Manager | 2024-11-21 | N/A | 4.6 MEDIUM |
|
IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384.
|
|||||
| CVE-2023-35901 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2024-11-21 | N/A | 2.7 LOW |
|
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.
|
|||||
| CVE-2023-35900 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.
|
|||||
| CVE-2023-35898 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352.
|
|||||
| CVE-2023-35897 | 1 Ibm | 2 Storage Protect, Storage Protect Client | 2024-11-21 | N/A | 8.4 HIGH |
|
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.
|
|||||
| CVE-2023-35896 | 3 Ibm, Linux, Microsoft | 3 Content Navigator, Linux Kernel, Windows | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.
|
|||||
| CVE-2023-35895 | 1 Ibm | 1 Informix Jdbc | 2024-11-21 | N/A | 6.3 MEDIUM |
|
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116.
|
|||||
| CVE-2023-35893 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | N/A | 9.9 CRITICAL |
|
IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 258824.
|
|||||
| CVE-2023-35892 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | N/A | 7.1 HIGH |
|
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786.
|
|||||
| CVE-2023-35890 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 5.1 MEDIUM |
|
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.
|
|||||
| CVE-2023-35024 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | N/A | 4.6 MEDIUM |
|
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349.
|
|||||
| CVE-2023-35022 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A | 3.3 LOW |
|
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.
|
|||||
| CVE-2023-35020 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Control Center and 2 more | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874.
|
|||||
| CVE-2023-35019 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | N/A | 7.2 HIGH |
|
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.
|
|||||
| CVE-2023-35018 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | N/A | 3.3 LOW |
|
IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382.
|
|||||
| CVE-2023-35016 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772.
|
|||||