Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 6982 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-22313 1 Ibm 1 Storage Defender Resiliency Service 2024-02-15 N/A 7.8 HIGH
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.
CVE-2024-22312 1 Ibm 1 Storage Defender Resiliency Service 2024-02-15 N/A 5.5 MEDIUM
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.
CVE-2023-50957 1 Ibm 1 Storage Defender Resiliency Service 2024-02-15 N/A 7.2 HIGH
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.
CVE-2000-1117 1 Ibm 1 Lotus Notes 2024-02-14 5.0 MEDIUM N/A
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
CVE-2004-0243 1 Ibm 1 Aix 2024-02-14 5.0 MEDIUM N/A
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
CVE-2015-0235 7 Apple, Debian, Gnu and 4 more 18 Mac Os X, Debian Linux, Glibc and 15 more 2024-02-14 10.0 HIGH N/A
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
CVE-2007-4598 1 Ibm 1 Surepos 500 2024-02-14 4.6 MEDIUM N/A
IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts.
CVE-2009-2435 1 Ibm 1 Lotus Instant Messaging And Web Conferencing 2024-02-14 5.0 MEDIUM N/A
The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVE-2004-0029 1 Ibm 1 Lotus Domino 2024-02-14 4.6 MEDIUM N/A
Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges.
CVE-2009-1334 1 Ibm 1 Tivoli Continuous Data Protection For Files 2024-02-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter.
CVE-2024-22331 1 Ibm 2 Devops Deploy, Urbancode Deploy 2024-02-13 N/A 5.5 MEDIUM
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971.
CVE-1999-0113 1 Ibm 1 Aix 2024-02-13 10.0 HIGH N/A
Some implementations of rlogin allow root access if given a -froot parameter.
CVE-2004-0480 1 Ibm 1 Lotus Notes 2024-02-13 10.0 HIGH N/A
Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe.
CVE-2023-33851 1 Ibm 1 Powervm Hypervisor 2024-02-12 N/A 4.9 MEDIUM
IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135.
CVE-2022-38710 2 Ibm, Microsoft 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more 2024-02-12 N/A 5.3 MEDIUM
"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292."
CVE-2023-50962 1 Ibm 1 Powersc 2024-02-12 N/A 7.5 HIGH
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.
CVE-2023-31002 1 Ibm 1 Security Access Manager Container 2024-02-10 N/A 5.5 MEDIUM
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.
CVE-2023-32328 1 Ibm 1 Security Verify Access 2024-02-10 N/A 9.8 CRITICAL
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957.
CVE-2023-32330 1 Ibm 1 Security Verify Access 2024-02-10 N/A 9.8 CRITICAL
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977.
CVE-2023-38369 1 Ibm 1 Security Access Manager Container 2024-02-10 N/A 7.5 HIGH
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.