Filtered by vendor Ibm
Total: 7995 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28794 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831. | ||||
| CVE-2024-28772 | 1 Ibm | 4 Security Directory Integrator, Security Directory Server, Security Verify Access and 1 more | 2024-11-21 | 6.8 Medium |
| IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. | ||||
| CVE-2024-27266 | 1 Ibm | 1 Maximo Application Suite | 2024-11-21 | 8.2 High |
| IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566. | ||||
| CVE-2024-27265 | 3 Ibm, Linux, Microsoft | 4 Integration Bus, Z/os, Linux Kernel and 1 more | 2024-11-21 | 4.5 Medium |
| IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564. | ||||
| CVE-2024-25052 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 4.4 Medium |
| IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363. | ||||
| CVE-2024-25031 | 1 Ibm | 2 Storage Defender, Storage Defender Resiliency Service | 2024-11-21 | 6.5 Medium |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678. | ||||
| CVE-2024-25023 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-11-21 | 5.5 Medium |
| IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429. | ||||
| CVE-2024-23620 | 1 Ibm | 1 Merge Efilm Workstation | 2024-11-21 | 8.8 High |
| An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM. | ||||
| CVE-2024-22361 | 1 Ibm | 1 Semeru Runtime | 2024-11-21 | 5.9 Medium |
| IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 through 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222. | ||||
| CVE-2024-22354 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 7 High |
| IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401. | ||||
| CVE-2024-22353 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.9 Medium |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400. | ||||
| CVE-2024-22352 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 6.5 Medium |
| IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361. | ||||
| CVE-2024-22346 | 1 Ibm | 1 I | 2024-11-21 | 8.4 High |
| Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203. | ||||
| CVE-2024-22333 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-11-21 | 3.3 Low |
| IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allow web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973. | ||||
| CVE-2024-22332 | 1 Ibm | 1 Integration Bus | 2024-11-21 | 6.5 Medium |
| The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972. | ||||
| CVE-2024-22331 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2024-11-21 | 6.2 Medium |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971. | ||||
| CVE-2024-22329 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Liberty | 2024-11-21 | 4.3 Medium |
| IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951. | ||||
| CVE-2024-22326 | 1 Ibm | 2 Ds8900f Firmware, System Storage Ds8000 Management Console Firmware | 2024-11-21 | 5 Medium |
| IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: 279518. | ||||
| CVE-2024-22319 | 1 Ibm | 1 Operational Decision Manager | 2024-11-21 | 8.1 High |
| IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to a remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. | ||||
| CVE-2024-22318 | 1 Ibm | 1 I Access Client Solutions | 2024-11-21 | 5.1 Medium |
| IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091. | ||||