Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 7001 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-39731 1 Ibm 1 Datacap 2024-07-16 N/A 7.5 HIGH
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970.
CVE-2024-39741 1 Ibm 2 Datacap, Datacap Navigator 2024-07-16 N/A 5.3 MEDIUM
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010.
CVE-2024-39740 1 Ibm 2 Datacap, Datacap Navigator 2024-07-16 N/A 5.3 MEDIUM
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.
CVE-2024-39735 1 Ibm 2 Datacap, Datacap Navigator 2024-07-16 N/A 5.4 MEDIUM
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 296002.
CVE-2024-39729 1 Ibm 2 Datacap, Datacap Navigator 2024-07-16 N/A 4.3 MEDIUM
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968.
CVE-2024-39736 1 Ibm 2 Datacap, Datacap Navigator 2024-07-16 N/A 9.8 CRITICAL
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003.
CVE-2024-39739 1 Ibm 2 Datacap, Datacap Navigator 2024-07-16 N/A 4.3 MEDIUM
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 296008.
CVE-2024-39737 1 Ibm 2 Datacap, Datacap Navigator 2024-07-16 N/A 5.3 MEDIUM
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004.
CVE-2024-39728 1 Ibm 2 Datacap, Datacap Navigator 2024-07-16 N/A 5.4 MEDIUM
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 295967.
CVE-2024-39723 1 Ibm 1 Storage Virtualize 2024-07-11 N/A 4.6 MEDIUM
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
CVE-2024-38330 1 Ibm 1 I 2024-07-11 N/A 7.8 HIGH
IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227.
CVE-2024-31897 1 Ibm 1 Cloud Pak For Business Automation 2024-07-11 N/A 4.3 MEDIUM
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178.
CVE-2024-37528 1 Ibm 1 Cloud Pak For Business Automation 2024-07-11 N/A 5.4 MEDIUM
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293.
CVE-2022-38710 2 Ibm, Microsoft 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more 2024-07-03 N/A 5.3 MEDIUM
IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.
CVE-2013-3993 1 Ibm 1 Infosphere Biginsights 2024-06-28 3.5 LOW 6.5 MEDIUM
IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.
CVE-2020-28198 1 Ibm 1 Tivoli Storage Manager 2024-06-26 4.4 MEDIUM 7.0 HIGH
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-27583 1 Ibm 1 Infosphere Information Server 2024-06-26 7.5 HIGH 9.8 CRITICAL
IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2023-35011 1 Ibm 1 Cognos Analytics 2024-06-21 N/A 5.4 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705.
CVE-2023-35009 1 Ibm 1 Cognos Analytics 2024-06-21 N/A 5.3 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703.
CVE-2024-31878 1 Ibm 1 I 2024-06-11 N/A 5.3 MEDIUM
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538.