Filtered by vendor Ibm
Subscribe
Total
7009 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0088 | 1 Ibm | 1 Aix | 2023-11-07 | 10.0 HIGH | N/A |
| IRIX and AIX automountd services (autofsd) allow remote users to execute root commands. | |||||
| CVE-2023-46158 | 1 Ibm | 1 Websphere Application Server Liberty | 2023-11-01 | N/A | 9.8 CRITICAL |
| IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775. | |||||
| CVE-2023-42031 | 2 Ibm, Linux | 4 Aix, Cics Tx, Txseries For Multiplatforms and 1 more | 2023-10-31 | N/A | 4.9 MEDIUM |
| IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016. | |||||
| CVE-2023-43045 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2023-10-28 | N/A | 7.5 HIGH |
| IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896. | |||||
| CVE-2023-33837 | 1 Ibm | 1 Security Verify Governance | 2023-10-28 | N/A | 7.5 HIGH |
| IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. | |||||
| CVE-2023-38722 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2023-10-28 | N/A | 5.4 MEDIUM |
| IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174. | |||||
| CVE-2023-33840 | 1 Ibm | 1 Security Verify Governance | 2023-10-28 | N/A | 4.8 MEDIUM |
| IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037. | |||||
| CVE-2023-33839 | 1 Ibm | 1 Security Verify Governance | 2023-10-28 | N/A | 8.8 HIGH |
| IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036. | |||||
| CVE-2022-22466 | 1 Ibm | 1 Security Verify Governance | 2023-10-28 | N/A | 9.8 CRITICAL |
| IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222. | |||||
| CVE-2023-38275 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2023-10-27 | N/A | 7.5 HIGH |
| IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730. | |||||
| CVE-2023-38276 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2023-10-27 | N/A | 7.5 HIGH |
| IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736. | |||||
| CVE-2023-38735 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2023-10-27 | N/A | 6.5 MEDIUM |
| IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482. | |||||
| CVE-2023-38280 | 1 Ibm | 1 Hardware Management Console | 2023-10-19 | N/A | 7.8 HIGH |
| IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740. | |||||
| CVE-2023-35013 | 1 Ibm | 1 Security Verify Governance | 2023-10-19 | N/A | 4.4 MEDIUM |
| IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. | |||||
| CVE-2023-40377 | 1 Ibm | 1 I | 2023-10-19 | N/A | 7.8 HIGH |
| Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583. | |||||
| CVE-2023-33836 | 1 Ibm | 1 Security Verify Governance | 2023-10-19 | N/A | 9.8 CRITICAL |
| IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016. | |||||
| CVE-2023-35018 | 1 Ibm | 1 Security Verify Governance | 2023-10-19 | N/A | 7.2 HIGH |
| IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382. | |||||
| CVE-2023-45176 | 1 Ibm | 2 App Connect Enterprise, Integration Bus | 2023-10-19 | N/A | 5.5 MEDIUM |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998. | |||||
| CVE-2023-40378 | 1 Ibm | 1 I | 2023-10-19 | N/A | 7.8 HIGH |
| IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584. | |||||
| CVE-2023-35024 | 1 Ibm | 1 Cloud Pak For Business Automation | 2023-10-18 | N/A | 7.6 HIGH |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349. | |||||