Filtered by vendor Ibm
Subscribe
Total
7776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31903 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | N/A | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data. | |||||
| CVE-2024-31913 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2023-52292 | 1 Ibm | 1 Sterling File Gateway | 2025-03-05 | N/A | 5.4 MEDIUM |
| IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2023-47159 | 1 Ibm | 1 Sterling File Gateway | 2025-03-05 | N/A | 4.3 MEDIUM |
| IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. | |||||
| CVE-2024-22316 | 1 Ibm | 1 Sterling File Gateway | 2025-03-05 | N/A | 4.3 MEDIUM |
| IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. | |||||
| CVE-2023-50316 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | N/A | 9.8 CRITICAL |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2024-27263 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-04 | N/A | 5.3 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques. | |||||
| CVE-2023-33838 | 1 Ibm | 1 Security Verify Governance | 2025-03-04 | N/A | 4.9 MEDIUM |
| IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input. | |||||
| CVE-2023-35017 | 1 Ibm | 1 Security Verify Governance | 2025-03-04 | N/A | N/A |
| IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques. | |||||
| CVE-2023-37413 | 1 Ibm | 1 Aspera Faspex | 2025-03-04 | N/A | 5.3 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. | |||||
| CVE-2023-37398 | 1 Ibm | 1 Aspera Faspex | 2025-03-04 | N/A | 9.8 CRITICAL |
| IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
| CVE-2023-35907 | 1 Ibm | 1 Aspera Faspex | 2025-03-04 | N/A | 9.8 CRITICAL |
| IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
| CVE-2023-37412 | 1 Ibm | 1 Aspera Faspex | 2025-03-04 | N/A | 4.9 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. | |||||
| CVE-2023-50309 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-04 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2023-32340 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-04 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-25034 | 1 Ibm | 1 Planning Analytics | 2025-03-04 | N/A | 8.8 HIGH |
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. | |||||
| CVE-2024-35112 | 1 Ibm | 1 Control Center | 2025-03-04 | N/A | 4.3 MEDIUM |
| IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2024-35111 | 1 Ibm | 1 Control Center | 2025-03-04 | N/A | 4.3 MEDIUM |
| IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2024-35113 | 1 Ibm | 1 Control Center | 2025-03-04 | N/A | 6.5 MEDIUM |
| IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. | |||||
| CVE-2024-40693 | 1 Ibm | 1 Planning Analytics | 2025-03-04 | N/A | 8.0 HIGH |
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | |||||