Vulnerabilities (CVE)

Filtered by vendor Ibm
Total 6412 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-40228 1 Ibm 1 Datapower Gateway 2022-11-26 N/A 5.4 MEDIUM
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527.
CVE-2022-40746 2 Ibm, Microsoft 2 I Access Client Solutions, Windows 2022-11-23 N/A 6.7 MEDIUM
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.
CVE-2022-40752 3 Ibm, Linux, Microsoft 5 Aix, Infosphere Information Server, Infosphere Information Server On Cloud and 2 more 2022-11-20 N/A 9.8 CRITICAL
IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687.
CVE-2022-40751 1 Ibm 1 Urbancode Deploy 2022-11-18 N/A 4.9 MEDIUM
IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges, including "Manage Security" permissions, to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601.
CVE-2022-38390 1 Ibm 1 Business Automation Workflow 2022-11-18 N/A 5.4 MEDIUM
Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978.
CVE-2022-40753 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2022-11-18 N/A 5.4 MEDIUM
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236688.
CVE-2022-38385 2 Ibm, Linux 2 Cloud Pak For Security, Linux Kernel 2022-11-18 N/A 8.1 HIGH
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777.
CVE-2022-34354 2 Ibm, Linux 2 Partner Engagement Manager, Linux Kernel 2022-11-18 N/A 3.3 LOW
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424.
CVE-2022-34331 1 Ibm 1 Powervm Hypervisor 2022-11-17 N/A 9.8 CRITICAL
After performing a sequence of Power FW950, FW1010 maintenance operations, an SRIOV network adapter can be improperly configured, leading to the desired VEPA configuration being disabled. IBM X-Force ID: 229695.
CVE-2022-35719 1 Ibm 1 Mq Internet Pass-thru 2022-11-16 N/A 5.5 MEDIUM
IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user.
CVE-2022-34313 1 Ibm 1 Cics Tx 2022-11-16 N/A 3.1 LOW
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449.
CVE-2022-34329 1 Ibm 1 Cics Tx 2022-11-16 N/A 5.3 MEDIUM
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467.
CVE-2022-34319 1 Ibm 1 Cics Tx 2022-11-16 N/A 7.5 HIGH
IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463.
CVE-2022-34312 1 Ibm 1 Cics Tx 2022-11-16 N/A 3.3 LOW
IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447.
CVE-2022-34315 1 Ibm 1 Cics Tx 2022-11-16 N/A 5.4 MEDIUM
IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451.
CVE-2022-34314 1 Ibm 1 Cics Tx 2022-11-16 N/A 3.3 LOW
IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450.
CVE-2022-38705 1 Ibm 1 Cics Tx 2022-11-16 N/A 6.1 MEDIUM
IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172.
CVE-2022-34320 1 Ibm 1 Cics Tx 2022-11-16 N/A 7.5 HIGH
IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464.
CVE-2022-34317 1 Ibm 1 Cics Tx 2022-11-16 N/A 5.4 MEDIUM
IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459.
CVE-2022-34316 1 Ibm 1 Cics Tx 2022-11-16 N/A 5.3 MEDIUM
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.