Filtered by vendor Ibm
Subscriptions
Total
7286 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-22332 | 1 Ibm | 1 Integration Bus | 2024-11-21 | 6.5 Medium |
The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972. | ||||
CVE-2024-22331 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2024-11-21 | 6.2 Medium |
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971. | ||||
CVE-2024-22329 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Liberty | 2024-11-21 | 4.3 Medium |
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951. | ||||
CVE-2024-22326 | 1 Ibm | 2 Ds8900f Firmware, System Storage Ds8000 Management Console Firmware | 2024-11-21 | 5 Medium |
IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: 279518. | ||||
CVE-2024-22320 | 1 Ibm | 1 Operational Decision Manager | 2024-11-21 | 9.8 Critical |
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146. | ||||
CVE-2024-22319 | 1 Ibm | 1 Operational Decision Manager | 2024-11-21 | 8.1 High |
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. | ||||
CVE-2024-22318 | 1 Ibm | 1 I Access Client Solutions | 2024-11-21 | 5.1 Medium |
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091. | ||||
CVE-2024-22317 | 1 Ibm | 1 App Connect Enterprise | 2024-11-21 | 9.1 Critical |
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143. | ||||
CVE-2024-22313 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-11-21 | 6.2 Medium |
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | ||||
CVE-2024-22312 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-11-21 | 4.4 Medium |
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | ||||
CVE-2023-50964 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.4 Medium |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102. | ||||
CVE-2023-50963 | 1 Ibm | 1 Storage Defender Data Protect | 2024-11-21 | 6.5 Medium |
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101. | ||||
CVE-2023-50962 | 1 Ibm | 1 Powersc | 2024-11-21 | 5.9 Medium |
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004. | ||||
CVE-2023-50959 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | 5.3 Medium |
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. | ||||
CVE-2023-50957 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-11-21 | 8 High |
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783. | ||||
CVE-2023-50954 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 4.3 Medium |
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776. | ||||
CVE-2023-50953 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.4 Medium |
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775. | ||||
CVE-2023-50952 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.4 Medium |
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774. | ||||
CVE-2023-50950 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 3.7 Low |
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709. | ||||
CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2024-11-21 | 6.5 Medium |
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. |