Filtered by vendor Ibm
Subscriptions
Total
7995 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35888 | 1 Ibm | 1 Security Verify Governance | 2025-01-27 | 5.9 Medium |
| IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375. | ||||
| CVE-2023-27870 | 1 Ibm | 1 Spectrum Virtualize | 2025-01-24 | 5.9 Medium |
| IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518. | ||||
| CVE-2023-27554 | 1 Ibm | 1 Websphere Application Server | 2025-01-24 | 6.3 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. | ||||
| CVE-2023-28522 | 1 Ibm | 1 Api Connect | 2025-01-24 | 4.3 Medium |
| IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585. | ||||
| CVE-2023-28520 | 1 Ibm | 1 Planning Analytics Local | 2025-01-24 | 6.4 Medium |
| IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. | ||||
| CVE-2023-27863 | 2 Ibm, Linux | 2 Spectrum Protect, Linux Kernel | 2025-01-23 | 4.4 Medium |
| IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325. | ||||
| CVE-2023-28517 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2025-01-22 | 5.4 Medium |
| IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250421. | ||||
| CVE-2022-42443 | 1 Ibm | 2 Trusteer Android Sdk For Mobile, Trusteer Ios Sdk For Mobile | 2025-01-22 | 2.2 Low |
| An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535. | ||||
| CVE-2023-30438 | 1 Ibm | 17 Power System E1050, Power System E1080, Power System E950 and 14 more | 2025-01-22 | 9.3 Critical |
| An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706. | ||||
| CVE-2023-28529 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-01-21 | 5.5 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213. | ||||
| CVE-2023-22878 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-01-21 | 6.2 Medium |
| IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. | ||||
| CVE-2024-47115 | 1 Ibm | 2 Aix, Vios | 2025-01-21 | 7.8 High |
| IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. | ||||
| CVE-2023-30440 | 1 Ibm | 1 Powervm Hypervisor | 2025-01-17 | 6.7 Medium |
| IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175. | ||||
| CVE-2023-26280 | 1 Ibm | 1 Jazz Foundation | 2025-01-16 | 5.3 Medium |
| IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control. | ||||
| CVE-2024-22345 | 1 Ibm | 1 Txseries For Multiplatform | 2025-01-14 | 6.2 Medium |
| IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192. | ||||
| CVE-2024-22343 | 1 Ibm | 1 Txseries For Multiplatform | 2025-01-14 | 4 Medium |
| IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190. | ||||
| CVE-2023-47712 | 1 Ibm | 1 Security Guardium | 2025-01-14 | 7.8 High |
| IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527. | ||||
| CVE-2023-47711 | 1 Ibm | 1 Security Guardium | 2025-01-14 | 2.7 Low |
| IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: 271526. | ||||
| CVE-2023-47709 | 1 Ibm | 1 Security Guardium | 2025-01-14 | 9.1 Critical |
| IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524. | ||||
| CVE-2024-22328 | 1 Ibm | 1 Maximo Application Suite | 2025-01-14 | 7.5 High |
| IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 279950. | ||||