Vendor CVEs
IBM
All CVEs
8,272 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31879 | 0.00 | — | 0.01 | May 18, 2024 | IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539. | |||
| CVE-2023-47717 | 0.00 | — | 0.00 | May 16, 2024 | IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690. | |||
| CVE-2024-27260 | 0.00 | — | 0.00 | May 16, 2024 | IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985. | |||
| CVE-2023-47711 | 0.00 | — | 0.01 | May 11, 2024 | IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: 271526. | |||
| CVE-2023-47712 | 0.00 | — | 0.00 | May 11, 2024 | IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527. | |||
| CVE-2023-47709 | 0.00 | — | 0.01 | May 11, 2024 | IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524. | |||
| CVE-2024-28760 | 0.00 | — | 0.00 | May 11, 2024 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244. | |||
| CVE-2024-28761 | 0.00 | — | 0.00 | May 11, 2024 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting… | |||
| CVE-2024-22345 | 0.00 | — | 0.01 | May 10, 2024 | IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192. | |||
| CVE-2024-22344 | 0.00 | — | 0.00 | May 10, 2024 | IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 280191. | |||
| CVE-2024-22343 | 0.00 | — | 0.00 | May 10, 2024 | IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190. | |||
| CVE-2023-38264 | 0.00 | — | 0.01 | May 10, 2024 | The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM… | |||
| CVE-2024-27269 | 0.00 | — | 0.00 | May 10, 2024 | IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575. | |||
| CVE-2024-28781 | 0.00 | — | 0.00 | May 10, 2024 | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the… | |||
| CVE-2023-40694 | 0.00 | — | 0.00 | May 7, 2024 | IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838. | |||
| CVE-2024-27273 | 0.00 | — | 0.00 | May 7, 2024 | IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903. | |||
| CVE-2023-27283 | 0.00 | — | 0.00 | May 4, 2024 | IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545. | |||
| CVE-2023-40695 | 0.00 | — | 0.00 | May 3, 2024 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938. | |||
| CVE-2021-20451 | 0.00 | — | 0.01 | May 3, 2024 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643. | |||
| CVE-2022-22364 | 0.00 | — | 0.01 | May 3, 2024 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP… | |||
| CVE-2023-28952 | 0.00 | — | 0.00 | May 3, 2024 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463. | |||
| CVE-2023-38724 | 0.00 | — | 0.00 | May 3, 2024 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183. | |||
| CVE-2023-40696 | 0.00 | — | 0.00 | May 3, 2024 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939. | |||
| CVE-2021-20556 | 0.00 | — | 0.00 | May 3, 2024 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181. | |||
| CVE-2023-23474 | 0.00 | — | 0.00 | May 3, 2024 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403. | |||
| CVE-2021-20450 | 0.00 | — | 0.00 | May 3, 2024 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will… | |||
| CVE-2020-4874 | 0.00 | — | 0.00 | May 3, 2024 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837. | |||
| CVE-2023-37407 | 0.00 | — | 0.01 | May 3, 2024 | IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 260116. | |||
| CVE-2024-25047 | 0.00 | — | 0.01 | May 2, 2024 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956. | |||
| CVE-2023-47727 | 0.00 | — | 0.00 | May 2, 2024 | IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089. | |||
| CVE-2024-28764 | 0.00 | — | 0.00 | May 1, 2024 | IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623. | |||
| CVE-2024-25015 | 0.00 | — | 0.01 | May 1, 2024 | IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278. | |||
| CVE-2024-28775 | 0.00 | — | 0.00 | May 1, 2024 | IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force… | |||
| CVE-2022-38386 | 0.00 | — | 0.00 | May 1, 2024 | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. … | |||
| CVE-2023-38002 | 0.00 | — | 0.00 | Apr 30, 2024 | IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208. | |||
| CVE-2024-25050 | 0.00 | — | 0.00 | Apr 28, 2024 | IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with… | |||
| CVE-2024-25048 | 0.00 | — | 0.01 | Apr 27, 2024 | IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137. | |||
| CVE-2024-25026 | 0.00 | — | 0.01 | Apr 25, 2024 | IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to… | |||
| CVE-2023-47731 | 0.00 | — | 0.00 | Apr 23, 2024 | IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality… | |||
| CVE-2022-40745 | 0.00 | — | 0.00 | Apr 19, 2024 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452. | |||
| CVE-2023-37397 | 0.00 | — | 0.00 | Apr 19, 2024 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672. | |||
| CVE-2023-27279 | 0.00 | — | 0.01 | Apr 19, 2024 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533. | |||
| CVE-2023-37396 | 0.00 | — | 0.00 | Apr 19, 2024 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671. | |||
| CVE-2023-22869 | 0.00 | — | 0.00 | Apr 19, 2024 | IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119. | |||
| CVE-2023-37400 | 0.00 | — | 0.00 | Apr 19, 2024 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677. | |||
| CVE-2024-30107 | 0.00 | — | 0.00 | Apr 18, 2024 | HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. | |||
| CVE-2024-23557 | 0.00 | — | 0.00 | Apr 18, 2024 | HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack. | |||
| CVE-2024-22329 | 0.00 | — | 0.00 | Apr 17, 2024 | IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack.… | |||
| CVE-2024-22354 | 0.00 | — | 0.01 | Apr 17, 2024 | IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive… | |||
| CVE-2024-31887 | 0.00 | — | 0.01 | Apr 16, 2024 | IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651. |
- CVE-2024-31879May 18, 2024risk 0.00cvss —epss 0.01
IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.
- CVE-2023-47717May 16, 2024risk 0.00cvss —epss 0.00
IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690.
- CVE-2024-27260May 16, 2024risk 0.00cvss —epss 0.00
IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.
- CVE-2023-47711May 11, 2024risk 0.00cvss —epss 0.01
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: 271526.
- CVE-2023-47712May 11, 2024risk 0.00cvss —epss 0.00
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527.
- CVE-2023-47709May 11, 2024risk 0.00cvss —epss 0.01
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524.
- CVE-2024-28760May 11, 2024risk 0.00cvss —epss 0.00
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.
- CVE-2024-28761May 11, 2024risk 0.00cvss —epss 0.00
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting…
- CVE-2024-22345May 10, 2024risk 0.00cvss —epss 0.01
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192.
- CVE-2024-22344May 10, 2024risk 0.00cvss —epss 0.00
IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 280191.
- CVE-2024-22343May 10, 2024risk 0.00cvss —epss 0.00
IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190.
- CVE-2023-38264May 10, 2024risk 0.00cvss —epss 0.01
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM…
- CVE-2024-27269May 10, 2024risk 0.00cvss —epss 0.00
IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575.
- CVE-2024-28781May 10, 2024risk 0.00cvss —epss 0.00
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the…
- CVE-2023-40694May 7, 2024risk 0.00cvss —epss 0.00
IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838.
- CVE-2024-27273May 7, 2024risk 0.00cvss —epss 0.00
IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903.
- CVE-2023-27283May 4, 2024risk 0.00cvss —epss 0.00
IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545.
- CVE-2023-40695May 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.
- CVE-2021-20451May 3, 2024risk 0.00cvss —epss 0.01
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643.
- CVE-2022-22364May 3, 2024risk 0.00cvss —epss 0.01
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP…
- CVE-2023-28952May 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463.
- CVE-2023-38724May 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183.
- CVE-2023-40696May 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939.
- CVE-2021-20556May 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.
- CVE-2023-23474May 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.
- CVE-2021-20450May 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will…
- CVE-2020-4874May 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837.
- CVE-2023-37407May 3, 2024risk 0.00cvss —epss 0.01
IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 260116.
- CVE-2024-25047May 2, 2024risk 0.00cvss —epss 0.01
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
- CVE-2023-47727May 2, 2024risk 0.00cvss —epss 0.00
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.
- CVE-2024-28764May 1, 2024risk 0.00cvss —epss 0.00
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623.
- CVE-2024-25015May 1, 2024risk 0.00cvss —epss 0.01
IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.
- CVE-2024-28775May 1, 2024risk 0.00cvss —epss 0.00
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…
- CVE-2022-38386May 1, 2024risk 0.00cvss —epss 0.00
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. …
- CVE-2023-38002Apr 30, 2024risk 0.00cvss —epss 0.00
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.
- CVE-2024-25050Apr 28, 2024risk 0.00cvss —epss 0.00
IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with…
- CVE-2024-25048Apr 27, 2024risk 0.00cvss —epss 0.01
IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137.
- CVE-2024-25026Apr 25, 2024risk 0.00cvss —epss 0.01
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to…
- CVE-2023-47731Apr 23, 2024risk 0.00cvss —epss 0.00
IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…
- CVE-2022-40745Apr 19, 2024risk 0.00cvss —epss 0.00
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452.
- CVE-2023-37397Apr 19, 2024risk 0.00cvss —epss 0.00
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.
- CVE-2023-27279Apr 19, 2024risk 0.00cvss —epss 0.01
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.
- CVE-2023-37396Apr 19, 2024risk 0.00cvss —epss 0.00
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.
- CVE-2023-22869Apr 19, 2024risk 0.00cvss —epss 0.00
IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119.
- CVE-2023-37400Apr 19, 2024risk 0.00cvss —epss 0.00
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677.
- CVE-2024-30107Apr 18, 2024risk 0.00cvss —epss 0.00
HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.
- CVE-2024-23557Apr 18, 2024risk 0.00cvss —epss 0.00
HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack.
- CVE-2024-22329Apr 17, 2024risk 0.00cvss —epss 0.00
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack.…
- CVE-2024-22354Apr 17, 2024risk 0.00cvss —epss 0.01
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive…
- CVE-2024-31887Apr 16, 2024risk 0.00cvss —epss 0.01
IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651.
Page 116 of 166