Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 6957 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-22332 1 Ibm 1 Integration Bus 2024-02-16 N/A 6.5 MEDIUM
The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.
CVE-2024-22318 1 Ibm 1 I Access Client Solutions 2024-02-16 N/A 5.5 MEDIUM
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
CVE-2024-22361 1 Ibm 1 Semeru Runtime 2024-02-16 N/A 7.5 HIGH
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.
CVE-2005-4868 2 Ibm, Microsoft 2 Db2 Universal Database, Windows 2024-02-16 2.1 LOW 7.1 HIGH
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.
CVE-2022-41299 1 Ibm 1 Cloud Transformation Advisor 2024-02-16 N/A 5.4 MEDIUM
IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214.
CVE-2007-5544 1 Ibm 2 Lotus Domino, Lotus Notes 2024-02-15 6.2 MEDIUM 7.8 HIGH
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.
CVE-2023-47700 1 Ibm 1 Storage Virtualize 2024-02-15 N/A 7.5 HIGH
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.
CVE-2023-46183 1 Ibm 1 Powervm Hypervisor 2024-02-15 N/A 4.4 MEDIUM
IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695.
CVE-2023-45191 1 Ibm 1 Engineering Lifecycle Optimization 2024-02-15 N/A 7.5 HIGH
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755.
CVE-2023-45190 1 Ibm 1 Engineering Lifecycle Optimization 2024-02-15 N/A 6.1 MEDIUM
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.
CVE-2023-45187 1 Ibm 1 Engineering Lifecycle Optimization 2024-02-15 N/A 8.8 HIGH
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.
CVE-2023-42016 1 Ibm 1 Sterling B2b Integrator 2024-02-15 N/A 4.3 MEDIUM
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559.
CVE-2023-32341 1 Ibm 1 Sterling B2b Integrator 2024-02-15 N/A 6.5 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827.
CVE-2024-22313 1 Ibm 1 Storage Defender Resiliency Service 2024-02-15 N/A 7.8 HIGH
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.
CVE-2024-22312 1 Ibm 1 Storage Defender Resiliency Service 2024-02-15 N/A 5.5 MEDIUM
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.
CVE-2023-50957 1 Ibm 1 Storage Defender Resiliency Service 2024-02-15 N/A 7.2 HIGH
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.
CVE-2000-1117 1 Ibm 1 Lotus Notes 2024-02-14 5.0 MEDIUM N/A
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
CVE-2004-0243 1 Ibm 1 Aix 2024-02-14 5.0 MEDIUM N/A
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
CVE-2015-0235 7 Apple, Debian, Gnu and 4 more 18 Mac Os X, Debian Linux, Glibc and 15 more 2024-02-14 10.0 HIGH N/A
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
CVE-2007-4598 1 Ibm 1 Surepos 500 2024-02-14 4.6 MEDIUM N/A
IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts.