Filtered by vendor Ibm
Subscriptions
Total
7286 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-31883 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 5.3 Medium |
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615. | ||||
CVE-2024-31881 | 1 Ibm | 1 Db2 | 2024-11-21 | 6.5 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613. | ||||
CVE-2024-31879 | 1 Ibm | 1 I | 2024-11-21 | 7.5 High |
IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539. | ||||
CVE-2024-31878 | 1 Ibm | 1 I | 2024-11-21 | 5.3 Medium |
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538. | ||||
CVE-2024-31873 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 7.5 High |
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. | ||||
CVE-2024-31872 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 7.5 High |
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. | ||||
CVE-2024-31871 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 7.5 High |
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. | ||||
CVE-2024-31870 | 1 Ibm | 1 I | 2024-11-21 | 3.3 Low |
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174. | ||||
CVE-2024-28798 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 7.2 High |
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172. | ||||
CVE-2024-28797 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 6.4 Medium |
IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136. | ||||
CVE-2024-28796 | 1 Ibm | 1 Rational Clearquest | 2024-11-21 | 6.4 Medium |
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833. | ||||
CVE-2024-28795 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.4 Medium |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832. | ||||
CVE-2024-28794 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.4 Medium |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831. | ||||
CVE-2024-28793 | 1 Ibm | 1 Engineering Workflow Management | 2024-11-21 | 4.9 Medium |
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286830. | ||||
CVE-2024-28775 | 1 Ibm | 1 Websphere | 2024-11-21 | 4.4 Medium |
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285648. | ||||
CVE-2024-28772 | 1 Ibm | 4 Security Directory Integrator, Security Directory Server, Security Verify Access and 1 more | 2024-11-21 | 6.8 Medium |
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. | ||||
CVE-2024-28764 | 1 Ibm | 1 Websphere Automation For Ibm Cloud Pak For Watson Aiops | 2024-11-21 | 6.5 Medium |
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623. | ||||
CVE-2024-28762 | 1 Ibm | 1 Db2 | 2024-11-21 | 5.3 Medium |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246. | ||||
CVE-2024-27275 | 1 Ibm | 1 I | 2024-11-21 | 7.4 High |
IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. IBM X-Force ID: 285203. | ||||
CVE-2024-27266 | 1 Ibm | 1 Maximo Application Suite | 2024-11-21 | 8.2 High |
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566. |