Filtered by vendor Ibm
Subscriptions
Total
7159 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22447 | 1 Ibm | 1 Disconnected Log Collector | 2024-09-19 | 4 Medium |
| IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648. | ||||
| CVE-2023-35905 | 1 Ibm | 1 Filenet Content Manager | 2024-09-19 | 4.6 Medium |
| IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384. | ||||
| CVE-2023-37404 | 1 Ibm | 1 Observability With Instana | 2024-09-19 | 6.4 Medium |
| IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789. | ||||
| CVE-2023-35012 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2024-09-19 | 6.7 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763. | ||||
| CVE-2022-33160 | 1 Ibm | 1 Security Directory Suite Va | 2024-09-19 | 3.7 Low |
| IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568. | ||||
| CVE-2023-33850 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2024-09-19 | 7.5 High |
| IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132. | ||||
| CVE-2023-33837 | 1 Ibm | 1 Security Verify Governance | 2024-09-19 | 4.1 Medium |
| IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. | ||||
| CVE-2023-43058 | 2 Ibm, Redhat | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Openshift | 2024-09-19 | 5.3 Medium |
| IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. | ||||
| CVE-2023-35897 | 1 Ibm | 2 Storage Protect, Storage Protect Client | 2024-09-19 | 8.4 High |
| IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. | ||||
| CVE-2024-35118 | 1 Ibm | 2 Maas360, Maas360 Mdm | 2024-09-19 | 4.6 Medium |
| IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. | ||||
| CVE-2023-23476 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak | 2024-09-19 | 3.1 Low |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425. | ||||
| CVE-2023-32338 | 1 Ibm | 2 Sterling External Authentication Server, Sterling Secure Proxy | 2024-09-19 | 5.1 Medium |
| IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. | ||||
| CVE-2022-43906 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-09-19 | 3.1 Low |
| IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897. | ||||
| CVE-2023-40376 | 1 Ibm | 1 Urbancode Deploy | 2024-09-19 | 5.3 Medium |
| IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581. | ||||
| CVE-2023-40684 | 1 Ibm | 1 Content Navigator | 2024-09-19 | 4.6 Medium |
| IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019. | ||||
| CVE-2022-34355 | 1 Ibm | 2 Collaborative Lifecycle Management, Engineering Lifecycle Management | 2024-09-19 | 4 Medium |
| IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498. | ||||
| CVE-2024-43188 | 1 Ibm | 1 Business Automation Workflow | 2024-09-18 | 4.9 Medium |
| IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. | ||||
| CVE-2024-39732 | 1 Ibm | 1 Datacap | 2024-09-18 | 4.1 Medium |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791. | ||||
| CVE-2024-39733 | 1 Ibm | 1 Datacap | 2024-09-18 | 6.2 Medium |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972. | ||||
| CVE-2024-39734 | 1 Ibm | 1 Datacap | 2024-09-18 | 4.3 Medium |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001. | ||||