Filtered by vendor Ibm
Subscriptions
Total
7834 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38732 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2024-11-21 | 4.3 Medium |
| IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289. | ||||
| CVE-2023-38730 | 1 Ibm | 1 Storage Copy Data Management | 2024-11-21 | 5.9 Medium |
| IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268. | ||||
| CVE-2023-38722 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2024-11-21 | 6.4 Medium |
| IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174. | ||||
| CVE-2023-38721 | 1 Ibm | 1 I | 2024-11-21 | 8.4 High |
| The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173. | ||||
| CVE-2023-38718 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | 3.7 Low |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606. | ||||
| CVE-2023-38371 | 1 Ibm | 2 Security Access Manager, Security Verify Access Docker | 2024-11-21 | 5.9 Medium |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198. | ||||
| CVE-2023-38370 | 1 Ibm | 2 Security Access Manager, Security Verify Access Docker | 2024-11-21 | 7.5 High |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197. | ||||
| CVE-2023-38368 | 1 Ibm | 2 Security Access Manager, Security Verify Access Docker | 2024-11-21 | 5.5 Medium |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195. | ||||
| CVE-2023-38364 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 6.1 Medium |
| IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260821. | ||||
| CVE-2023-38363 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 4.3 Medium |
| IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818. | ||||
| CVE-2023-38361 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.9 Medium |
| IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770. | ||||
| CVE-2023-38280 | 1 Ibm | 1 Hardware Management Console | 2024-11-21 | 8.4 High |
| IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740. | ||||
| CVE-2023-38276 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2024-11-21 | 5.9 Medium |
| IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736. | ||||
| CVE-2023-38275 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2024-11-21 | 5.9 Medium |
| IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730. | ||||
| CVE-2023-38273 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 7.5 High |
| IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733. | ||||
| CVE-2023-38268 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585. | ||||
| CVE-2023-38267 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-11-21 | 6.2 Medium |
| IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584. | ||||
| CVE-2023-38263 | 1 Ibm | 1 Soar Qradar Plugin App | 2024-11-21 | 6.5 Medium |
| IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577. | ||||
| CVE-2023-38020 | 1 Ibm | 1 Soar Qradar Plugin App | 2024-11-21 | 4.3 Medium |
| IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576. | ||||
| CVE-2023-38019 | 1 Ibm | 1 Soar Qradar Plugin App | 2024-11-21 | 8.1 High |
| IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575. | ||||