Filtered by vendor Ibm
Subscribe
Total
7776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43908 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2023-07-28 | N/A | 6.5 MEDIUM |
| IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903. | |||||
| CVE-2022-43910 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2023-07-27 | N/A | 7.8 HIGH |
| IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls. IBM X-Force ID: 240908. | |||||
| CVE-2023-33832 | 2 Ibm, Linux | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2023-07-27 | N/A | 4.7 MEDIUM |
| IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality. IBM X-Force ID: 256012. | |||||
| CVE-2023-30988 | 1 Ibm | 1 I | 2023-07-26 | N/A | 7.8 HIGH |
| The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016. | |||||
| CVE-2023-30989 | 1 Ibm | 1 I | 2023-07-26 | N/A | 7.8 HIGH |
| IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017. | |||||
| CVE-2023-33857 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-07-26 | N/A | 5.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695. | |||||
| CVE-2023-35901 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2023-07-26 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. | |||||
| CVE-2023-30990 | 1 Ibm | 1 I | 2023-07-17 | N/A | 9.8 CRITICAL |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036. | |||||
| CVE-2023-28955 | 1 Ibm | 1 Watson Knowledge Catalog On Cloud Pak For Data | 2023-07-13 | N/A | 6.5 MEDIUM |
| IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704. | |||||
| CVE-2023-28958 | 1 Ibm | 1 Watson Knowledge Catalog On Cloud Pak For Data | 2023-07-13 | N/A | 7.8 HIGH |
| IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782. | |||||
| CVE-2021-39014 | 1 Ibm | 1 Cloud Object Storage System | 2023-07-13 | N/A | 5.4 MEDIUM |
| IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213650. | |||||
| CVE-2023-27540 | 2 Ibm, Redhat | 3 Cloud Pak For Data, Watson Cp4d Data Stores, Openshift | 2023-07-13 | N/A | 7.5 HIGH |
| IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924. | |||||
| CVE-2023-35890 | 1 Ibm | 1 Websphere Application Server | 2023-07-12 | N/A | 5.5 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. | |||||
| CVE-2021-3669 | 5 Debian, Fedoraproject, Ibm and 2 more | 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more | 2023-07-07 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | |||||
| CVE-2023-27866 | 1 Ibm | 1 Informix Jdbc Driver | 2023-07-06 | N/A | 9.8 CRITICAL |
| IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511. | |||||
| CVE-2023-30993 | 1 Ibm | 1 Cloud Pak For Security | 2023-07-05 | N/A | 7.5 HIGH |
| IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136. | |||||
| CVE-2023-23468 | 2 Ibm, Redhat | 2 Robotic Process Automation, Openshift | 2023-07-05 | N/A | 5.5 MEDIUM |
| IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500. | |||||
| CVE-2023-26276 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2023-07-05 | N/A | 7.5 HIGH |
| IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147. | |||||
| CVE-2023-26274 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2023-07-05 | N/A | 5.4 MEDIUM |
| IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144. | |||||
| CVE-2022-34352 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2023-07-05 | N/A | 6.5 MEDIUM |
| IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. IBM X-Force ID: 230403. | |||||