Filtered by vendor Ibm
Total: 7286 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-27265 | 3 Ibm, Linux, Microsoft | 4 Integration Bus, Z/os, Linux Kernel and 1 more | 2024-11-21 | 4.5 Medium |
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564. | ||||
CVE-2024-27264 | 1 Ibm | 1 I | 2024-11-21 | 7.4 High |
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563. | ||||
CVE-2024-27260 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 8.4 High |
IBM AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985. | ||||
CVE-2024-25053 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 5.9 Medium |
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364. | ||||
CVE-2024-25052 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 4.4 Medium |
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363. | ||||
CVE-2024-25041 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 5.4 Medium |
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780. | ||||
CVE-2024-25031 | 1 Ibm | 2 Storage Defender, Storage Defender Resiliency Service | 2024-11-21 | 6.5 Medium |
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678. | ||||
CVE-2024-25027 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 6.2 Medium |
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607. | ||||
CVE-2024-25023 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-11-21 | 5.5 Medium |
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429. | ||||
CVE-2024-23622 | 1 Ibm | 1 Merge Efilm Workstation | 2024-11-21 | 10 Critical |
A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges. | ||||
CVE-2024-23621 | 1 Ibm | 1 Merge Efilm Workstation | 2024-11-21 | 10 Critical |
A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. | ||||
CVE-2024-23620 | 1 Ibm | 1 Merge Efilm Workstation | 2024-11-21 | 8.8 High |
An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM. | ||||
CVE-2024-23619 | 1 Ibm | 1 Merge Efilm Workstation | 2024-11-21 | 9.8 Critical |
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. | ||||
CVE-2024-22361 | 1 Ibm | 1 Semeru Runtime | 2024-11-21 | 5.9 Medium |
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222. | ||||
CVE-2024-22354 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 7 High |
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401. | ||||
CVE-2024-22353 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.9 Medium |
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400. | ||||
CVE-2024-22352 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 6.5 Medium |
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361. | ||||
CVE-2024-22346 | 1 Ibm | 1 I | 2024-11-21 | 8.4 High |
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203. | ||||
CVE-2024-22338 | 1 Ibm | 1 Security Verify Access Oidc Provider | 2024-11-21 | 4 Medium |
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. | ||||
CVE-2024-22333 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-11-21 | 3.3 Low |
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allow web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973. |