Filtered by vendor Ibm
Subscribe
Total
7776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50964 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102. | |||||
| CVE-2024-28794 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831. | |||||
| CVE-2023-33859 | 1 Ibm | 1 Security Qradar Edr | 2024-07-31 | N/A | 5.3 MEDIUM |
| IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697. | |||||
| CVE-2024-39731 | 1 Ibm | 1 Datacap | 2024-07-16 | N/A | 7.5 HIGH |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970. | |||||
| CVE-2024-39735 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-07-16 | N/A | 5.4 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 296002. | |||||
| CVE-2024-39740 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-07-16 | N/A | 5.3 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009. | |||||
| CVE-2024-39741 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-07-16 | N/A | 5.3 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010. | |||||
| CVE-2024-39736 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-07-16 | N/A | 9.8 CRITICAL |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003. | |||||
| CVE-2024-39729 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-07-16 | N/A | 4.3 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968. | |||||
| CVE-2024-39737 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-07-16 | N/A | 5.3 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004. | |||||
| CVE-2024-39739 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-07-16 | N/A | 4.3 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 296008. | |||||
| CVE-2024-39728 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-07-16 | N/A | 5.4 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 295967. | |||||
| CVE-2024-39723 | 1 Ibm | 1 Storage Virtualize | 2024-07-11 | N/A | 4.6 MEDIUM |
| IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935. | |||||
| CVE-2024-38330 | 1 Ibm | 1 I | 2024-07-11 | N/A | 7.8 HIGH |
| IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227. | |||||
| CVE-2024-31897 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-07-11 | N/A | 4.3 MEDIUM |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178. | |||||
| CVE-2024-37528 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-07-11 | N/A | 5.4 MEDIUM |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293. | |||||
| CVE-2023-35011 | 1 Ibm | 1 Cognos Analytics | 2024-06-21 | N/A | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705. | |||||
| CVE-2023-35009 | 1 Ibm | 1 Cognos Analytics | 2024-06-21 | N/A | 5.3 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703. | |||||
| CVE-2024-31878 | 1 Ibm | 1 I | 2024-06-11 | N/A | 5.3 MEDIUM |
| IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538. | |||||
| CVE-2023-38267 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-05-24 | N/A | 5.5 MEDIUM |
| IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584. | |||||