Filtered by vendor Ibm
Subscriptions
Total
7155 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-31902 | 1 Ibm | 1 Infosphere Information Server | 2024-08-02 | 4.3 Medium |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234. | ||||
CVE-2024-31873 | 1 Ibm | 1 Security Verify Access | 2024-08-02 | 7.5 High |
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. | ||||
CVE-2024-31872 | 1 Ibm | 1 Security Verify Access | 2024-08-02 | 7.5 High |
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. | ||||
CVE-2024-31893 | 1 Ibm | 1 App Connect Enterprise | 2024-08-02 | 4.3 Medium |
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174. | ||||
CVE-2024-31879 | 1 Ibm | 1 I | 2024-08-02 | 7.5 High |
IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539. | ||||
CVE-2024-28796 | 1 Ibm | 1 Rational Clearquest | 2024-08-02 | 6.4 Medium |
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833. | ||||
CVE-2024-28794 | 1 Ibm | 1 Infosphere Information Server | 2024-08-02 | 5.4 Medium |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831. | ||||
CVE-2024-28775 | 1 Ibm | 1 Websphere | 2024-08-02 | 4.4 Medium |
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285648. | ||||
CVE-2024-28798 | 1 Ibm | 1 Infosphere Information Server | 2024-08-02 | 7.2 High |
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172. | ||||
CVE-2024-28764 | 1 Ibm | 1 Websphere Automation For Ibm Cloud Pak For Watson Aiops | 2024-08-02 | 6.5 Medium |
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623. | ||||
CVE-2024-28797 | 1 Ibm | 1 Infosphere Information Server | 2024-08-02 | 6.4 Medium |
IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136. | ||||
CVE-2024-28793 | 1 Ibm | 1 Engineering Workflow Management | 2024-08-02 | 4.9 Medium |
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286830. | ||||
CVE-2024-27266 | 1 Ibm | 1 Maximo Application Suite | 2024-08-02 | 8.2 High |
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566. | ||||
CVE-2024-27260 | 1 Ibm | 2 Aix, Vios | 2024-08-02 | 8.4 High |
IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985. | ||||
CVE-2024-27265 | 3 Ibm, Linux, Microsoft | 4 Integration Bus, Z\/os, Linux Kernel and 1 more | 2024-08-02 | 4.5 Medium |
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564. | ||||
CVE-2024-27264 | 1 Ibm | 1 I | 2024-08-02 | 7.4 High |
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563. | ||||
CVE-2024-25023 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-08-01 | 6.2 Medium |
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429. | ||||
CVE-2024-25053 | 1 Ibm | 1 Cognos Analytics | 2024-08-01 | 5.9 Medium |
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364. | ||||
CVE-2024-25027 | 1 Ibm | 1 Security Verify Access | 2024-08-01 | 6.2 Medium |
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607. | ||||
CVE-2024-25041 | 1 Ibm | 1 Cognos Analytics | 2024-08-01 | 5.4 Medium |
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780. |