Filtered by vendor Ibm Subscriptions
Total 7155 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-23473 1 Ibm 1 Infosphere Information Server 2024-08-02 5.3 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400.
CVE-2023-23470 1 Ibm 1 I 2024-08-02 6.4 Medium
IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510.
CVE-2023-23469 1 Ibm 1 Cloud Pak For Business Automation 2024-08-02 4 Medium
IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504.
CVE-2023-22876 1 Ibm 1 Sterling B2b Integrator 2024-08-02 4.3 Medium
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364.
CVE-2023-22878 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2024-08-02 6.2 Medium
IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.
CVE-2023-22863 3 Ibm, Microsoft, Redhat 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more 2024-08-02 5.9 Medium
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.
CVE-2023-22877 1 Ibm 1 Infosphere Information Server 2024-08-02 7 High
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.
CVE-2023-22875 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2024-08-02 8.4 High
IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356.
CVE-2023-22860 1 Ibm 1 Cloud Pak For Business Automation 2024-08-02 5.4 Medium
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.
CVE-2023-22870 2 Ibm, Linux 2 Aspera Faspex, Linux Kernel 2024-08-02 5.9 Medium
IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121.
CVE-2023-22868 3 Ibm, Linux, Microsoft 3 Aspera Faspex, Linux Kernel, Windows 2024-08-02 5.4 Medium
IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117.
CVE-2023-22862 1 Ibm 2 Aspera Cargo, Aspera Connect 2024-08-02 5.9 Medium
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 244107.
CVE-2023-22874 1 Ibm 1 Mq Appliance 2024-08-02 5.5 Medium
IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.
CVE-2023-22593 2 Ibm, Redhat 2 Robotic Process Automation, Openshift 2024-08-02 4 Medium
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.
CVE-2023-22591 1 Ibm 2 Robotic Process Automation, Robotic Process Automation As A Service 2024-08-02 3.9 Low
IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.
CVE-2023-22595 1 Ibm 2 B2b Advanced Communications, Multi-enterprise Integration Gateway 2024-08-02 5.4 Medium
IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076.
CVE-2023-22594 3 Ibm, Microsoft, Redhat 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more 2024-08-02 4.6 Medium
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075.
CVE-2023-22592 2 Ibm, Redhat 2 Robotic Process Automation For Cloud Pak, Openshift 2024-08-02 4 Medium
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.
CVE-2023-1995 6 Hitachi, Hp, Ibm and 3 more 8 Hirdb Server, Hirdb Server With Additional Function, Hirdb Structured Data Access Facility and 5 more 2024-08-02 5.3 Medium
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W , before 09-66-/Q ; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.
CVE-2023-0041 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2024-08-02 6.3 Medium
IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657.