Filtered by vendor Ibm Subscriptions
Total 7158 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-25929 1 Ibm 1 Cognos Analytics 2024-08-02 4.6 Medium
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861.
CVE-2023-25924 1 Ibm 1 Security Key Lifecycle Manager 2024-08-02 5.4 Medium
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630.
CVE-2023-25923 1 Ibm 1 Security Key Lifecycle Manager 2024-08-02 2.7 Low
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629.
CVE-2023-25687 1 Ibm 1 Security Key Lifecycle Manager 2024-08-02 4.3 Medium
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602.
CVE-2023-25689 1 Ibm 1 Security Key Lifecycle Manager 2024-08-02 2.7 Low
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247618.
CVE-2023-25686 1 Ibm 1 Security Key Lifecycle Manager 2024-08-02 6.2 Medium
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601.
CVE-2023-25682 1 Ibm 1 Sterling B2b Integrator 2024-08-02 6.2 Medium
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034.
CVE-2023-25688 1 Ibm 1 Security Key Lifecycle Manager 2024-08-02 4.3 Medium
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247606.
CVE-2023-25680 1 Ibm 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak 2024-08-02 4.2 Medium
IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.
CVE-2023-25684 1 Ibm 1 Security Key Lifecycle Manager 2024-08-02 6.5 Medium
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597.
CVE-2023-25683 1 Ibm 1 Powervm Hypervisor 2024-08-02 5.9 Medium
IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592.
CVE-2023-24964 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2024-08-02 6.2 Medium
IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463.
CVE-2023-24957 1 Ibm 1 Business Automation Workflow 2024-08-02 5.4 Medium
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115.
CVE-2023-24959 1 Ibm 1 Infosphere Information Server 2024-08-02 5.3 Medium
IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.
CVE-2023-24971 1 Ibm 2 B2b Advanced Communications, Multi-enterprise Integration Gateway 2024-08-02 7.5 High
IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976.
CVE-2023-24960 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2024-08-02 7.5 High
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333
CVE-2023-24975 1 Ibm 1 Spectrum Symphony 2024-08-02 5.4 Medium
IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030.
CVE-2023-24965 2 Ibm, Linux 2 Aspera Faspex, Linux Kernel 2024-08-02 5.8 Medium
IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.
CVE-2023-24966 1 Ibm 1 Websphere Application Server 2024-08-02 6.1 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904.
CVE-2023-24958 1 Ibm 6 3948-ved, 3948-ved Firmware, 3957-vec and 3 more 2024-08-02 8.8 High
A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320.