Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43877 | 1 Ibm | 1 Urbancode Deploy | 2025-01-29 | N/A | 5.1 MEDIUM |
| IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. | |||||
| CVE-2022-43866 | 1 Ibm | 1 Maximo Asset Management | 2025-01-29 | N/A | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436. | |||||
| CVE-2024-22356 | 1 Ibm | 3 App Connect Enterprise, Integration Bus, Z\/os | 2025-01-28 | N/A | 4.9 MEDIUM |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893. | |||||
| CVE-2024-28781 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-01-27 | N/A | 5.4 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654. | |||||
| CVE-2023-35888 | 1 Ibm | 1 Security Verify Governance | 2025-01-27 | N/A | 5.9 MEDIUM |
| IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375. | |||||
| CVE-2023-27870 | 1 Ibm | 1 Spectrum Virtualize | 2025-01-24 | N/A | 5.9 MEDIUM |
| IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518. | |||||
| CVE-2023-27554 | 1 Ibm | 1 Websphere Application Server | 2025-01-24 | N/A | 6.3 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. | |||||
| CVE-2023-28517 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2025-01-22 | N/A | 5.4 MEDIUM |
| IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250421. | |||||
| CVE-2022-42443 | 1 Ibm | 2 Trusteer Android Sdk For Mobile, Trusteer Ios Sdk For Mobile | 2025-01-22 | N/A | 2.2 LOW |
| An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535. | |||||
| CVE-2024-47115 | 1 Ibm | 2 Aix, Vios | 2025-01-21 | N/A | 7.8 HIGH |
| IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. | |||||
| CVE-2023-26280 | 1 Ibm | 1 Jazz Foundation | 2025-01-16 | N/A | 5.3 MEDIUM |
| IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control. | |||||
| CVE-2024-22345 | 1 Ibm | 1 Txseries For Multiplatform | 2025-01-14 | N/A | 6.2 MEDIUM |
| IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192. | |||||
| CVE-2024-22343 | 1 Ibm | 1 Txseries For Multiplatform | 2025-01-14 | N/A | 4.0 MEDIUM |
| IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190. | |||||
| CVE-2023-47712 | 1 Ibm | 1 Security Guardium | 2025-01-14 | N/A | 7.8 HIGH |
| IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527. | |||||
| CVE-2023-47711 | 1 Ibm | 1 Security Guardium | 2025-01-14 | N/A | 2.7 LOW |
| IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: 271526. | |||||
| CVE-2023-47709 | 1 Ibm | 1 Security Guardium | 2025-01-14 | N/A | 9.1 CRITICAL |
| IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524. | |||||
| CVE-2024-22328 | 1 Ibm | 1 Maximo Application Suite | 2025-01-14 | N/A | 7.5 HIGH |
| IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 279950. | |||||
| CVE-2022-22399 | 1 Ibm | 1 Aspera Faspex | 2025-01-14 | N/A | 5.4 MEDIUM |
| IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562. | |||||
| CVE-2023-37411 | 1 Ibm | 1 Aspera Faspex | 2025-01-14 | N/A | 4.8 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139. | |||||
| CVE-2023-38724 | 1 Ibm | 1 Cognos Controller | 2025-01-14 | N/A | 6.3 MEDIUM |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183. | |||||