Filtered by vendor Ibm
Total: 7159 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-25023 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-19 | 6.2 Medium |
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429. | ||||
CVE-2022-22447 | 1 Ibm | 1 Disconnected Log Collector | 2024-09-19 | 4 Medium |
IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648. | ||||
CVE-2023-35905 | 1 Ibm | 1 Filenet Content Manager | 2024-09-19 | 4.6 Medium |
IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384. | ||||
CVE-2023-37404 | 1 Ibm | 1 Observability With Instana | 2024-09-19 | 6.4 Medium |
IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789. | ||||
CVE-2023-35012 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2024-09-19 | 6.7 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763. | ||||
CVE-2022-33160 | 1 Ibm | 1 Security Directory Suite Va | 2024-09-19 | 3.7 Low |
IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568. | ||||
CVE-2023-33850 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2024-09-19 | 7.5 High |
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132. | ||||
CVE-2023-33837 | 1 Ibm | 1 Security Verify Governance | 2024-09-19 | 4.1 Medium |
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. | ||||
CVE-2023-43058 | 2 Ibm, Redhat | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Openshift | 2024-09-19 | 5.3 Medium |
IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. | ||||
CVE-2023-35897 | 1 Ibm | 2 Storage Protect, Storage Protect Client | 2024-09-19 | 8.4 High |
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. | ||||
CVE-2024-35118 | 1 Ibm | 2 Maas360, Maas360 Mdm | 2024-09-19 | 4.6 Medium |
IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. | ||||
CVE-2023-23476 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak | 2024-09-19 | 3.1 Low |
IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425. | ||||
CVE-2023-32338 | 1 Ibm | 2 Sterling External Authentication Server, Sterling Secure Proxy | 2024-09-19 | 5.1 Medium |
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. | ||||
CVE-2022-43906 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-09-19 | 3.1 Low |
IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897. | ||||
CVE-2023-40376 | 1 Ibm | 1 Urbancode Deploy | 2024-09-19 | 5.3 Medium |
IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581. | ||||
CVE-2023-40684 | 1 Ibm | 1 Content Navigator | 2024-09-19 | 4.6 Medium |
IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019. | ||||
CVE-2022-34355 | 1 Ibm | 2 Collaborative Lifecycle Management, Engineering Lifecycle Management | 2024-09-19 | 4 Medium |
IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498. | ||||
CVE-2024-43188 | 1 Ibm | 1 Business Automation Workflow | 2024-09-18 | 4.9 Medium |
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. | ||||
CVE-2024-39732 | 1 Ibm | 1 Datacap | 2024-09-18 | 4.1 Medium |
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791. | ||||
CVE-2024-39733 | 1 Ibm | 1 Datacap | 2024-09-18 | 6.2 Medium |
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972. |