Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 6982 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50308 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2024-03-07 N/A 6.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.
CVE-2023-47747 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2024-03-07 N/A 6.5 MEDIUM
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.
CVE-2023-47746 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2024-03-07 N/A 6.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.
CVE-2023-47158 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2024-03-07 N/A 6.5 MEDIUM
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.
CVE-2023-47152 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2024-03-07 N/A 7.5 HIGH
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730.
CVE-2023-47145 2 Ibm, Microsoft 2 Db2, Windows 2024-03-07 N/A 7.8 HIGH
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.
CVE-2023-47141 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2024-03-07 N/A 6.5 MEDIUM
IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.
CVE-2023-45193 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2024-03-07 N/A 7.5 HIGH
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.
CVE-2023-27859 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2024-03-07 N/A 6.5 MEDIUM
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.
CVE-2021-39077 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2024-02-29 N/A 4.4 MEDIUM
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.  
CVE-2024-22361 1 Ibm 1 Semeru Runtime 2024-02-16 N/A 7.5 HIGH
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.
CVE-2005-4868 2 Ibm, Microsoft 2 Db2 Universal Database, Windows 2024-02-16 2.1 LOW 7.1 HIGH
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.
CVE-2022-41299 1 Ibm 1 Cloud Transformation Advisor 2024-02-16 N/A 5.4 MEDIUM
IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214.
CVE-2007-5544 1 Ibm 2 Lotus Domino, Lotus Notes 2024-02-15 6.2 MEDIUM 7.8 HIGH
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.
CVE-2023-47700 1 Ibm 1 Storage Virtualize 2024-02-15 N/A 7.5 HIGH
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.
CVE-2023-46183 1 Ibm 1 Powervm Hypervisor 2024-02-15 N/A 4.4 MEDIUM
IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695.
CVE-2023-45191 1 Ibm 1 Engineering Lifecycle Optimization 2024-02-15 N/A 7.5 HIGH
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755.
CVE-2023-45190 1 Ibm 1 Engineering Lifecycle Optimization 2024-02-15 N/A 6.1 MEDIUM
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.
CVE-2023-45187 1 Ibm 1 Engineering Lifecycle Optimization 2024-02-15 N/A 8.8 HIGH
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.
CVE-2023-42016 1 Ibm 1 Sterling B2b Integrator 2024-02-15 N/A 4.3 MEDIUM
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559.