Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50309 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-04 | N/A | 6.4 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2023-32340 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-04 | N/A | 4.6 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-35112 | 1 Ibm | 1 Control Center | 2025-03-04 | N/A | 5.4 MEDIUM |
| IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2024-35113 | 1 Ibm | 1 Control Center | 2025-03-04 | N/A | 4.3 MEDIUM |
| IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. | |||||
| CVE-2023-25681 | 1 Ibm | 1 Spectrum Virtualize | 2025-03-04 | N/A | 5.3 MEDIUM |
| LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033. | |||||
| CVE-2024-56463 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-03-03 | N/A | 4.8 MEDIUM |
| IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-25026 | 1 Ibm | 1 Websphere Application Server | 2025-02-27 | N/A | 5.9 MEDIUM |
| IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516. | |||||
| CVE-2023-27875 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2025-02-26 | N/A | 7.5 HIGH |
| IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847. | |||||
| CVE-2023-27871 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-02-25 | N/A | 7.5 HIGH |
| IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613. | |||||
| CVE-2024-27277 | 1 Ibm | 1 Storage Protect Plus | 2025-02-14 | N/A | 6.2 MEDIUM |
| The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205. | |||||
| CVE-2023-38372 | 1 Ibm | 1 Watson Iot Platform | 2025-02-14 | N/A | 5.9 MEDIUM |
| An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201. | |||||
| CVE-2023-30449 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-02-13 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439. | |||||
| CVE-2023-30448 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-02-13 | N/A | 5.9 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437. | |||||
| CVE-2023-30445 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-02-13 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357. | |||||
| CVE-2024-49796 | 1 Ibm | 1 Applinx | 2025-02-13 | N/A | 5.4 MEDIUM |
| IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | |||||
| CVE-2024-49798 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 4.3 MEDIUM |
| IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2024-49797 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 5.9 MEDIUM |
| IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2024-49795 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 4.3 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2024-49794 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 4.3 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2024-49793 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 5.4 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||