Filtered by vendor Ibm
Total: 7776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38371 | 1 Ibm | 1 Security Access Manager | 2024-08-02 | N/A | 7.5 HIGH |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198. | |||||
| CVE-2024-31883 | 1 Ibm | 1 Security Verify Access | 2024-08-02 | N/A | 5.9 MEDIUM |
| IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615. | |||||
| CVE-2024-31870 | 1 Ibm | 1 I | 2024-08-01 | N/A | 3.3 LOW |
| IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies a user defined table function that is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174. | |||||
| CVE-2024-25053 | 1 Ibm | 1 Cognos Analytics | 2024-08-01 | N/A | 5.9 MEDIUM |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364. | |||||
| CVE-2024-25041 | 1 Ibm | 1 Cognos Analytics | 2024-08-01 | N/A | 5.4 MEDIUM |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780. | |||||
| CVE-2024-25031 | 1 Ibm | 1 Storage Defender | 2024-08-01 | N/A | 6.5 MEDIUM |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678. | |||||
| CVE-2022-38383 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-08-01 | N/A | 3.3 LOW |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allow web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673. | |||||
| CVE-2024-35155 | 1 Ibm | 1 Mq | 2024-08-01 | N/A | 6.5 MEDIUM |
| IBM MQ Console 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765. | |||||
| CVE-2024-31919 | 1 Ibm | 1 Mq | 2024-08-01 | N/A | 7.5 HIGH |
| IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259. | |||||
| CVE-2024-31912 | 1 Ibm | 1 Mq | 2024-08-01 | N/A | 8.8 HIGH |
| IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894. | |||||
| CVE-2024-35139 | 1 Ibm | 1 Security Access Manager | 2024-08-01 | N/A | 5.5 MEDIUM |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415. | |||||
| CVE-2024-35137 | 1 Ibm | 1 Security Access Manager | 2024-07-31 | N/A | 6.2 MEDIUM |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413. | |||||
| CVE-2023-38370 | 1 Ibm | 1 Security Access Manager | 2024-07-31 | N/A | 6.5 MEDIUM |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197. | |||||
| CVE-2023-50952 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774. | |||||
| CVE-2024-28798 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 6.1 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172. | |||||
| CVE-2024-31902 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234. | |||||
| CVE-2024-35119 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 5.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342. | |||||
| CVE-2023-50953 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775. | |||||
| CVE-2024-28797 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136. | |||||
| CVE-2024-31898 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182. | |||||
