Filtered by vendor Ibm
Subscriptions
Total
6993 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22319 | 1 Ibm | 1 Operational Decision Manager | 2024-06-28 | 9.8 Critical |
| IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. | ||||
| CVE-2020-28198 | 1 Ibm | 1 Tivoli Storage Manager | 2024-06-26 | 7.0 High |
| The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-27583 | 1 Ibm | 1 Infosphere Information Server | 2024-06-26 | 9.8 Critical |
| IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2023-32333 | 1 Ibm | 1 Maximo Asset Management | 2024-06-25 | 9.8 Critical |
| IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. | ||||
| CVE-2023-50937 | 1 Ibm | 1 Powersc | 2024-06-25 | 7.5 High |
| IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117. | ||||
| CVE-2023-50939 | 1 Ibm | 1 Powersc | 2024-06-25 | 7.5 High |
| IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129. | ||||
| CVE-2023-35011 | 1 Ibm | 1 Cognos Analytics | 2024-06-21 | 5.4 Medium |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705. | ||||
| CVE-2023-35009 | 1 Ibm | 1 Cognos Analytics | 2024-06-21 | 5.3 Medium |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703. | ||||
| CVE-2024-31878 | 1 Ibm | 1 I | 2024-06-11 | 5.3 Medium |
| IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538. | ||||
| CVE-2023-47161 | 1 Ibm | 1 Urbancode Deploy | 2024-06-07 | 6.5 Medium |
| IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799. | ||||
| CVE-2024-22352 | 1 Ibm | 1 Infosphere Information Server | 2024-06-04 | 5.5 Medium |
| IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361. | ||||
| CVE-2023-28525 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access | 2024-06-04 | 4.8 Medium |
| IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052. | ||||
| CVE-2023-47699 | 1 Ibm | 1 Sterling Secure Proxy | 2024-06-04 | 6.1 Medium |
| IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974. | ||||
| CVE-2023-32330 | 1 Ibm | 1 Security Verify Access | 2024-06-04 | 9.8 Critical |
| IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. | ||||
| CVE-2023-32327 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-06-04 | 7.1 High |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783. | ||||
| CVE-2023-27279 | 1 Ibm | 1 Aspera Faspex | 2024-06-04 | 6.5 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533. | ||||
| CVE-2023-37397 | 1 Ibm | 1 Aspera Faspex | 2024-06-04 | 4.4 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672. | ||||
| CVE-2023-33851 | 1 Ibm | 1 Powervm Hypervisor | 2024-06-04 | 4.9 Medium |
| IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135. | ||||
| CVE-2023-50950 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-06-04 | 5.3 Medium |
| IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709. | ||||
| CVE-2023-50936 | 1 Ibm | 1 Powersc | 2024-06-04 | 8.8 High |
| IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116. | ||||