Filtered by vendor Ibm Subscriptions
Total 7286 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-35140 1 Ibm 1 Security Verify Access Docker 2024-11-21 7.7 High
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416.
CVE-2024-35139 1 Ibm 2 Security Access Manager, Security Verify Access Docker 2024-11-21 6.2 Medium
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.
CVE-2024-35137 1 Ibm 2 Security Access Manager, Security Verify Access Docker 2024-11-21 6.2 Medium
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.
CVE-2024-35119 1 Ibm 1 Infosphere Information Server 2024-11-21 5.3 Medium
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342.
CVE-2024-35116 1 Ibm 2 Mq, Mq Appliance 2024-11-21 5.9 Medium
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.
CVE-2024-31919 1 Ibm 2 Mq, Mq Appliance 2024-11-21 5.9 Medium
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259.
CVE-2024-31916 1 Ibm 1 Openbmc 2024-11-21 7.5 High
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026.
CVE-2024-31912 1 Ibm 2 Mq, Mq Appliance 2024-11-21 7.5 High
IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.
CVE-2024-31908 1 Ibm 1 Planning Analytics Local 2024-11-21 6.4 Medium
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890.
CVE-2024-31907 1 Ibm 1 Planning Analytics Local 2024-11-21 5.4 Medium
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889.
CVE-2024-31904 1 Ibm 1 App Connect Enterprise 2024-11-21 6.5 Medium
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647.
CVE-2024-31902 1 Ibm 1 Infosphere Information Server 2024-11-21 4.3 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.
CVE-2024-31898 1 Ibm 1 Infosphere Information Server 2024-11-21 5.4 Medium
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182.
CVE-2024-31897 1 Ibm 1 Cloud Pak For Business Automation 2024-11-21 4.3 Medium
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178.
CVE-2024-31895 1 Ibm 1 App Connect Enterprise 2024-11-21 4.3 Medium
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.
CVE-2024-31894 1 Ibm 1 App Connect Enterprise 2024-11-21 4.3 Medium
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.
CVE-2024-31893 1 Ibm 1 App Connect Enterprise 2024-11-21 4.3 Medium
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174.
CVE-2024-31890 1 Ibm 1 I 2024-11-21 7.8 High
IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171.
CVE-2024-31889 1 Ibm 1 Planning Analytics Local 2024-11-21 5.4 Medium
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136.
CVE-2024-31887 1 Ibm 1 Security Verify Privilege 2024-11-21 7.5 High
IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651.