Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 6971 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-27265 3 Ibm, Linux, Microsoft 4 Integration Bus, Z\/os, Linux Kernel and 1 more 2024-03-19 N/A 6.5 MEDIUM
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564.
CVE-2024-22346 1 Ibm 1 I 2024-03-19 N/A 7.8 HIGH
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.
CVE-2022-22506 1 Ibm 1 Robotic Process Automation 2024-03-12 N/A 4.6 MEDIUM
IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293.
CVE-2023-50305 1 Ibm 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access 2024-03-07 N/A 5.1 MEDIUM
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.
CVE-2023-28949 1 Ibm 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access 2024-03-07 N/A 6.5 MEDIUM
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.
CVE-2023-28525 1 Ibm 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access 2024-03-07 N/A 4.8 MEDIUM
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052.
CVE-2023-50308 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2024-03-07 N/A 6.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.
CVE-2023-47747 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2024-03-07 N/A 6.5 MEDIUM
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.
CVE-2023-47746 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2024-03-07 N/A 6.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.
CVE-2023-47158 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2024-03-07 N/A 6.5 MEDIUM
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.
CVE-2023-47152 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2024-03-07 N/A 7.5 HIGH
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730.
CVE-2023-47145 2 Ibm, Microsoft 2 Db2, Windows 2024-03-07 N/A 7.8 HIGH
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.
CVE-2023-47141 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2024-03-07 N/A 6.5 MEDIUM
IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.
CVE-2023-45193 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2024-03-07 N/A 7.5 HIGH
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.
CVE-2023-27859 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2024-03-07 N/A 6.5 MEDIUM
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.
CVE-2021-39077 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2024-02-29 N/A 4.4 MEDIUM
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.  
CVE-2024-22332 1 Ibm 1 Integration Bus 2024-02-16 N/A 6.5 MEDIUM
The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.
CVE-2024-22318 1 Ibm 1 I Access Client Solutions 2024-02-16 N/A 5.5 MEDIUM
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
CVE-2024-22361 1 Ibm 1 Semeru Runtime 2024-02-16 N/A 7.5 HIGH
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.
CVE-2005-4868 2 Ibm, Microsoft 2 Db2 Universal Database, Windows 2024-02-16 2.1 LOW 7.1 HIGH
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.