Filtered by vendor Ibm
Subscriptions
Total
7836 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46182 | 1 Ibm | 1 Sterling Secure Proxy | 2024-11-21 | 5.4 Medium |
| IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692. | ||||
| CVE-2023-46181 | 1 Ibm | 1 Sterling Secure Proxy | 2024-11-21 | 4 Medium |
| IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686. | ||||
| CVE-2023-46179 | 1 Ibm | 1 Sterling Secure Proxy | 2024-11-21 | 4.3 Medium |
| IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683. | ||||
| CVE-2023-46177 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 6.5 Medium |
| IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536. | ||||
| CVE-2023-46176 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 6.7 Medium |
| IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535. | ||||
| CVE-2023-46174 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506. | ||||
| CVE-2023-46159 | 2 Ibm, Redhat | 2 Storage Ceph, Ceph Storage | 2024-11-21 | 2.6 Low |
| IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. | ||||
| CVE-2023-46158 | 1 Ibm | 1 Websphere Application Server Liberty | 2024-11-21 | 4.9 Medium |
| IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775. | ||||
| CVE-2023-45192 | 1 Ibm | 2 Doors Next, Engineering Requirements Management Doors Next | 2024-11-21 | 8.2 High |
| IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758. | ||||
| CVE-2023-45191 | 1 Ibm | 1 Engineering Lifecycle Optimization | 2024-11-21 | 7.5 High |
| IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. | ||||
| CVE-2023-45189 | 1 Ibm | 1 Robotic Process Automation For Cloud Pak | 2024-11-21 | 6.5 Medium |
| A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752. | ||||
| CVE-2023-45188 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2024-11-21 | 6.5 Medium |
| IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 268751. | ||||
| CVE-2023-45187 | 1 Ibm | 1 Engineering Lifecycle Optimization | 2024-11-21 | 6.3 Medium |
| IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749. | ||||
| CVE-2023-45185 | 1 Ibm | 1 I Access Client Solutions | 2024-11-21 | 7.4 High |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273. | ||||
| CVE-2023-45184 | 1 Ibm | 1 I Access Client Solutions | 2024-11-21 | 6.2 Medium |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270. | ||||
| CVE-2023-45182 | 1 Ibm | 1 I Access Client Solutions | 2024-11-21 | 7.4 High |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265. | ||||
| CVE-2023-45176 | 1 Ibm | 2 App Connect Enterprise, Integration Bus | 2024-11-21 | 6.2 Medium |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998. | ||||
| CVE-2023-45174 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 8.4 High |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972. | ||||
| CVE-2023-45172 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 6.2 Medium |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970. | ||||
| CVE-2023-45168 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 8.4 High |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966. | ||||