Filtered by vendor Ibm Subscriptions
Total 7286 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-22332 1 Ibm 1 Integration Bus 2024-11-21 6.5 Medium
The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.
CVE-2024-22331 1 Ibm 2 Devops Deploy, Urbancode Deploy 2024-11-21 6.2 Medium
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971.
CVE-2024-22329 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2024-11-21 4.3 Medium
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951.
CVE-2024-22326 1 Ibm 2 Ds8900f Firmware, System Storage Ds8000 Management Console Firmware 2024-11-21 5 Medium
IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection.   IBM X-Force ID: 279518.
CVE-2024-22320 1 Ibm 1 Operational Decision Manager 2024-11-21 9.8 Critical
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.
CVE-2024-22319 1 Ibm 1 Operational Decision Manager 2024-11-21 8.1 High
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.
CVE-2024-22318 1 Ibm 1 I Access Client Solutions 2024-11-21 5.1 Medium
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
CVE-2024-22317 1 Ibm 1 App Connect Enterprise 2024-11-21 9.1 Critical
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.
CVE-2024-22313 1 Ibm 1 Storage Defender Resiliency Service 2024-11-21 6.2 Medium
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.
CVE-2024-22312 1 Ibm 1 Storage Defender Resiliency Service 2024-11-21 4.4 Medium
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.
CVE-2023-50964 1 Ibm 1 Infosphere Information Server 2024-11-21 5.4 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102.
CVE-2023-50963 1 Ibm 1 Storage Defender Data Protect 2024-11-21 6.5 Medium
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101.
CVE-2023-50962 1 Ibm 1 Powersc 2024-11-21 5.9 Medium
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.
CVE-2023-50959 1 Ibm 1 Cloud Pak For Business Automation 2024-11-21 5.3 Medium
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938.
CVE-2023-50957 1 Ibm 1 Storage Defender Resiliency Service 2024-11-21 8 High
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.
CVE-2023-50954 1 Ibm 1 Infosphere Information Server 2024-11-21 4.3 Medium
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776.
CVE-2023-50953 1 Ibm 1 Infosphere Information Server 2024-11-21 5.4 Medium
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775.
CVE-2023-50952 1 Ibm 1 Infosphere Information Server 2024-11-21 5.4 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774.
CVE-2023-50950 1 Ibm 1 Qradar Security Information And Event Manager 2024-11-21 3.7 Low
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709.
CVE-2023-50948 1 Ibm 1 Storage Fusion Hci 2024-11-21 6.5 Medium
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671.