Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 6971 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-41299 1 Ibm 1 Cloud Transformation Advisor 2024-02-16 N/A 5.4 MEDIUM
IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214.
CVE-2007-5544 1 Ibm 2 Lotus Domino, Lotus Notes 2024-02-15 6.2 MEDIUM 7.8 HIGH
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.
CVE-2023-47700 1 Ibm 1 Storage Virtualize 2024-02-15 N/A 7.5 HIGH
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.
CVE-2023-46183 1 Ibm 1 Powervm Hypervisor 2024-02-15 N/A 4.4 MEDIUM
IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695.
CVE-2023-45191 1 Ibm 1 Engineering Lifecycle Optimization 2024-02-15 N/A 7.5 HIGH
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755.
CVE-2023-45190 1 Ibm 1 Engineering Lifecycle Optimization 2024-02-15 N/A 6.1 MEDIUM
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.
CVE-2023-45187 1 Ibm 1 Engineering Lifecycle Optimization 2024-02-15 N/A 8.8 HIGH
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.
CVE-2023-42016 1 Ibm 1 Sterling B2b Integrator 2024-02-15 N/A 4.3 MEDIUM
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559.
CVE-2023-32341 1 Ibm 1 Sterling B2b Integrator 2024-02-15 N/A 6.5 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827.
CVE-2024-22313 1 Ibm 1 Storage Defender Resiliency Service 2024-02-15 N/A 7.8 HIGH
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.
CVE-2024-22312 1 Ibm 1 Storage Defender Resiliency Service 2024-02-15 N/A 5.5 MEDIUM
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.
CVE-2023-50957 1 Ibm 1 Storage Defender Resiliency Service 2024-02-15 N/A 7.2 HIGH
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.
CVE-2000-1117 1 Ibm 1 Lotus Notes 2024-02-14 5.0 MEDIUM N/A
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
CVE-2004-0243 1 Ibm 1 Aix 2024-02-14 5.0 MEDIUM N/A
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
CVE-2015-0235 7 Apple, Debian, Gnu and 4 more 18 Mac Os X, Debian Linux, Glibc and 15 more 2024-02-14 10.0 HIGH N/A
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
CVE-2007-4598 1 Ibm 1 Surepos 500 2024-02-14 4.6 MEDIUM N/A
IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts.
CVE-2009-2435 1 Ibm 1 Lotus Instant Messaging And Web Conferencing 2024-02-14 5.0 MEDIUM N/A
The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVE-2004-0029 1 Ibm 1 Lotus Domino 2024-02-14 4.6 MEDIUM N/A
Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges.
CVE-2009-1334 1 Ibm 1 Tivoli Continuous Data Protection For Files 2024-02-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter.
CVE-2024-22331 1 Ibm 2 Devops Deploy, Urbancode Deploy 2024-02-13 N/A 5.5 MEDIUM
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971.