Filtered by vendor Ibm
Total: 7969 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41738 | 1 Ibm | 1 Txseries For Multiplatforms | 2024-11-14 | 5.9 Medium |
| IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. | ||||
| CVE-2024-41741 | 1 Ibm | 1 Txseries For Multiplatforms | 2024-11-14 | 5.3 Medium |
| IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. | ||||
| CVE-2024-41745 | 1 Ibm | 1 Cics Tx | 2024-11-14 | 6.1 Medium |
| IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-45085 | 1 Ibm | 1 Websphere Application Server | 2024-11-08 | 5.9 Medium |
| IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service. | ||||
| CVE-2024-49340 | 1 Ibm | 1 Watson Studio Local | 2024-11-08 | 4.3 Medium |
| IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2024-45086 | 1 Ibm | 1 Websphere Application Server | 2024-11-06 | 5.5 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2023-50310 | 1 Ibm | 1 Cics Transaction Gateway | 2024-11-05 | 4.9 Medium |
| IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | ||||
| CVE-2024-40680 | 1 Ibm | 2 Mq Appliance, Mq Operator | 2024-10-31 | 5.5 Medium |
| IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. | ||||
| CVE-2024-43177 | 1 Ibm | 1 Concert | 2024-10-25 | 5.9 Medium |
| IBM Concert 1.0.0 and 1.0.1 is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | ||||
| CVE-2024-43173 | 1 Ibm | 1 Concert | 2024-10-25 | 3.7 Low |
| IBM Concert 1.0.0 and 1.0.1 is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | ||||
| CVE-2024-45071 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-10-21 | 5.5 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-45072 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-10-21 | 5.5 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2022-43845 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-09-30 | 3.7 Low |
| IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. | ||||
| CVE-2021-38963 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-09-30 | 8 High |
| IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. | ||||
| CVE-2024-38324 | 1 Ibm | 2 Storage Defender, Storage Defender Resiliency Service | 2024-09-30 | 5.9 Medium |
| IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system. | ||||
| CVE-2024-43188 | 1 Ibm | 1 Business Automation Workflow | 2024-09-29 | 4.9 Medium |
| IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. | ||||
| CVE-2024-40703 | 1 Ibm | 2 Cognos Analytics, Cognos Analytics Reports | 2024-09-27 | 5.5 Medium |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. | ||||
| CVE-2024-37068 | 1 Ibm | 1 Maximo Application Suite | 2024-09-21 | 5.9 Medium |
| IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques. | ||||
| CVE-2024-35133 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-09-21 | 6.8 Medium |
| IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | ||||
| CVE-2024-28799 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-21 | 5.6 Medium |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173. | ||||