Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 6982 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-22352 1 Ibm 1 Infosphere Information Server 2024-04-01 N/A 5.5 MEDIUM
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.
CVE-2024-22320 1 Ibm 1 Operational Decision Manager 2024-03-21 N/A 8.8 HIGH
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.
CVE-2024-22319 1 Ibm 1 Operational Decision Manager 2024-03-21 N/A 9.8 CRITICAL
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.
CVE-2023-47699 1 Ibm 1 Sterling Secure Proxy 2024-03-19 N/A 6.1 MEDIUM
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974.
CVE-2023-47147 1 Ibm 1 Sterling Secure Proxy 2024-03-19 N/A 5.3 MEDIUM
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.
CVE-2023-46181 1 Ibm 1 Sterling Secure Proxy 2024-03-19 N/A 3.3 LOW
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.
CVE-2021-38938 1 Ibm 1 Host Access Transformation Services 2024-03-19 N/A 5.5 MEDIUM
IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 210989.
CVE-2023-47162 1 Ibm 1 Sterling Secure Proxy 2024-03-19 N/A 6.1 MEDIUM
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973.
CVE-2023-46182 1 Ibm 1 Sterling Secure Proxy 2024-03-19 N/A 5.4 MEDIUM
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692.
CVE-2021-29749 1 Ibm 2 Secure External Authentication Server, Sterling Secure Proxy 2024-03-19 5.5 MEDIUM 5.4 MEDIUM
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777.
CVE-2021-29725 4 Ibm, Linux, Microsoft and 1 more 6 Aix, Secure External Authentication Server, Sterling Secure Proxy and 3 more 2024-03-19 5.0 MEDIUM 7.5 HIGH
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.
CVE-2023-46179 1 Ibm 1 Sterling Secure Proxy 2024-03-19 N/A 4.3 MEDIUM
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.
CVE-2024-27266 1 Ibm 1 Maximo Application Suite 2024-03-19 N/A 8.2 HIGH
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566.
CVE-2024-27265 3 Ibm, Linux, Microsoft 4 Integration Bus, Z\/os, Linux Kernel and 1 more 2024-03-19 N/A 6.5 MEDIUM
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564.
CVE-2024-22346 1 Ibm 1 I 2024-03-19 N/A 7.8 HIGH
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.
CVE-2022-22506 1 Ibm 1 Robotic Process Automation 2024-03-12 N/A 4.6 MEDIUM
IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293.
CVE-2023-50305 1 Ibm 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access 2024-03-07 N/A 5.1 MEDIUM
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.
CVE-2023-28949 1 Ibm 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access 2024-03-07 N/A 6.5 MEDIUM
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.
CVE-2023-28525 1 Ibm 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access 2024-03-07 N/A 4.8 MEDIUM
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052.
CVE-2023-50308 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2024-03-07 N/A 6.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.