Filtered by vendor Ibm
Subscribe
Total
6982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43017 | 1 Ibm | 1 Security Verify Access | 2024-02-10 | N/A | 7.2 HIGH |
| IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. | |||||
| CVE-2023-46159 | 1 Ibm | 1 Storage Ceph | 2024-02-10 | N/A | 6.5 MEDIUM |
| IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. | |||||
| CVE-2022-40744 | 1 Ibm | 1 Aspera Faspex | 2024-02-10 | N/A | 5.4 MEDIUM |
| IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441. | |||||
| CVE-2023-50947 | 1 Ibm | 2 Business Automation Workflow, Cloud Pak For Business Automation | 2024-02-10 | N/A | 5.4 MEDIUM |
| IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665. | |||||
| CVE-2023-38019 | 1 Ibm | 1 Soar Qradar Plugin App | 2024-02-09 | N/A | 6.5 MEDIUM |
| IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575. | |||||
| CVE-2023-38263 | 1 Ibm | 1 Soar Qradar Plugin App | 2024-02-09 | N/A | 8.8 HIGH |
| IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577. | |||||
| CVE-2023-38020 | 1 Ibm | 1 Soar Qradar Plugin App | 2024-02-09 | N/A | 4.3 MEDIUM |
| IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576. | |||||
| CVE-1999-0046 | 10 Bsdi, Debian, Digital and 7 more | 10 Bsd Os, Debian Linux, Ultrix and 7 more | 2024-02-09 | 10.0 HIGH | N/A |
| Buffer overflow of rlogin program using TERM environmental variable. | |||||
| CVE-2020-4574 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181. | |||||
| CVE-2008-2122 | 1 Ibm | 1 Rational Build Forge | 2024-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets. | |||||
| CVE-2023-47144 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-02-08 | N/A | 6.1 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271. | |||||
| CVE-2023-47143 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-02-08 | N/A | 9.8 CRITICAL |
| IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270. | |||||
| CVE-2023-47148 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-02-08 | N/A | 7.5 HIGH |
| IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599. | |||||
| CVE-2023-38273 | 1 Ibm | 1 Cloud Pak System | 2024-02-08 | N/A | 7.5 HIGH |
| IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733. | |||||
| CVE-2023-47142 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-02-08 | N/A | 8.8 HIGH |
| IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267. | |||||
| CVE-2023-32333 | 1 Ibm | 1 Maximo Asset Management | 2024-02-07 | N/A | 9.8 CRITICAL |
| IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. | |||||
| CVE-2023-31006 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-02-07 | N/A | 7.5 HIGH |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776. | |||||
| CVE-2023-32327 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-02-07 | N/A | 7.1 HIGH |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783. | |||||
| CVE-2023-31005 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-02-07 | N/A | 7.8 HIGH |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. | |||||
| CVE-2023-32329 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-02-07 | N/A | 5.5 MEDIUM |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972. | |||||