Filtered by vendor Ibm Subscriptions
Total 7836 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-50950 1 Ibm 1 Qradar Security Information And Event Manager 2024-11-21 3.7 Low
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709.
CVE-2023-50947 1 Ibm 2 Business Automation Workflow, Cloud Pak For Business Automation 2024-11-21 5.4 Medium
IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.
CVE-2023-50941 1 Ibm 1 Powersc 2024-11-21 6.3 Medium
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.
CVE-2023-50940 1 Ibm 1 Powersc 2024-11-21 5.3 Medium
IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.
CVE-2023-50939 1 Ibm 1 Powersc 2024-11-21 5.9 Medium
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.
CVE-2023-50938 1 Ibm 1 Powersc 2024-11-21 6.5 Medium
IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128.
CVE-2023-50937 1 Ibm 1 Powersc 2024-11-21 5.9 Medium
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.
CVE-2023-50936 1 Ibm 1 Powersc 2024-11-21 6.3 Medium
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116.
CVE-2023-50935 1 Ibm 1 Powersc 2024-11-21 6.5 Medium
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115.
CVE-2023-50934 1 Ibm 1 Powersc 2024-11-21 5.3 Medium
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114.
CVE-2023-50328 1 Ibm 1 Powersc 2024-11-21 3.7 Low
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.
CVE-2023-50327 1 Ibm 1 Powersc 2024-11-21 5.3 Medium
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109.
CVE-2023-50326 1 Ibm 1 Powersc 2024-11-21 7.5 High
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107.
CVE-2023-50313 1 Ibm 1 Websphere Application Server 2024-11-21 5.3 Medium
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.
CVE-2023-50311 1 Ibm 1 Cics Transaction Gateway 2024-11-21 3.1 Low
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages.
CVE-2023-50305 1 Ibm 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access 2024-11-21 5.1 Medium
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.
CVE-2023-50304 1 Ibm 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access 2024-11-21 7.1 High
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335.
CVE-2023-49880 1 Ibm 1 Financial Transaction Manager 2024-11-21 7.5 High
In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183.
CVE-2023-49878 1 Ibm 6 Virtualization Engine Ts7760 3957-vec, Virtualization Engine Ts7760 3957-vec Firmware, Virtualization Engine Ts7770 3948-ved and 3 more 2024-11-21 4.3 Medium
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652.
CVE-2023-49877 1 Ibm 6 Virtualization Engine Ts7760 3957-vec, Virtualization Engine Ts7760 3957-vec Firmware, Virtualization Engine Ts7770 3948-ved and 3 more 2024-11-21 4.3 Medium
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface. IBM X-Force ID: 272651.