Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27270 | 1 Ibm | 1 Websphere Application Server | 2025-03-05 | N/A | 4.7 MEDIUM |
| IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576. | |||||
| CVE-2023-35899 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-03-05 | N/A | 7.0 HIGH |
| IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354. | |||||
| CVE-2023-38739 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | N/A | 4.3 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2024-40696 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | N/A | 4.8 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-45089 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | N/A | 4.3 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy. | |||||
| CVE-2024-47103 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | N/A | 4.8 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-47116 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-31913 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | N/A | 5.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-31903 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | N/A | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard EditionĀ 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data. | |||||
| CVE-2024-25034 | 1 Ibm | 1 Planning Analytics | 2025-03-05 | N/A | 8.0 HIGH |
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. | |||||
| CVE-2024-40693 | 1 Ibm | 1 Planning Analytics | 2025-03-05 | N/A | 8.0 HIGH |
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | |||||
| CVE-2023-47159 | 1 Ibm | 1 Sterling File Gateway | 2025-03-05 | N/A | 4.3 MEDIUM |
| IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. | |||||
| CVE-2024-27263 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | N/A | 5.3 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques. | |||||
| CVE-2023-35907 | 1 Ibm | 1 Aspera Faspex | 2025-03-05 | N/A | 5.9 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
| CVE-2023-37398 | 1 Ibm | 1 Aspera Faspex | 2025-03-05 | N/A | 5.9 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
| CVE-2023-50316 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | N/A | 6.3 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2023-35017 | 1 Ibm | 1 Security Verify Governance | 2025-03-04 | N/A | 5.9 MEDIUM |
| IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques. | |||||
| CVE-2023-33838 | 1 Ibm | 1 Security Verify Governance | 2025-03-04 | N/A | 4.4 MEDIUM |
| IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input. | |||||
| CVE-2023-37412 | 1 Ibm | 1 Aspera Faspex | 2025-03-04 | N/A | 4.4 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. | |||||
| CVE-2023-37413 | 1 Ibm | 1 Aspera Faspex | 2025-03-04 | N/A | 5.3 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. | |||||