Filtered by vendor Ibm
Subscriptions
Total
7897 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35892 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 7.1 High |
| IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786. | ||||
| CVE-2023-35890 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.1 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. | ||||
| CVE-2023-35024 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | 4.6 Medium |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349. | ||||
| CVE-2023-35020 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Control Center and 2 more | 2024-11-21 | 5.4 Medium |
| IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874. | ||||
| CVE-2023-35019 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 7.2 High |
| IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873. | ||||
| CVE-2023-35018 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 3.3 Low |
| IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382. | ||||
| CVE-2023-35016 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 6.5 Medium |
| IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772. | ||||
| CVE-2023-35013 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 2.3 Low |
| IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. | ||||
| CVE-2023-35012 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Db2 For Linux Unix And Windows and 2 more | 2024-11-21 | 6.7 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763. | ||||
| CVE-2023-33859 | 1 Ibm | 1 Security Qradar Edr | 2024-11-21 | 5.3 Medium |
| IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697. | ||||
| CVE-2023-33857 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 5.3 Medium |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695. | ||||
| CVE-2023-33852 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 7.6 High |
| IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614. | ||||
| CVE-2023-33851 | 1 Ibm | 1 Powervm Hypervisor | 2024-11-21 | 5.3 Medium |
| IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135. | ||||
| CVE-2023-33850 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2024-11-21 | 7.5 High |
| IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. | ||||
| CVE-2023-33840 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 4.8 Medium |
| IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037. | ||||
| CVE-2023-33839 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 7.2 High |
| IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036. | ||||
| CVE-2023-33837 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 4.1 Medium |
| IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. | ||||
| CVE-2023-33836 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 5.3 Medium |
| IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016. | ||||
| CVE-2023-33835 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 4.3 Medium |
| IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015. | ||||
| CVE-2023-33834 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 4.3 Medium |
| IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-force ID: 256014. | ||||