Filtered by vendor Ibm
Subscriptions
Total
7834 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29260 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2024-11-21 | 6.5 Medium |
| IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135. | ||||
| CVE-2023-29259 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2024-11-21 | 3.7 Low |
| IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055. | ||||
| CVE-2023-28958 | 1 Ibm | 1 Watson Knowledge Catalog On Cloud Pak For Data | 2024-11-21 | 7 High |
| IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782. | ||||
| CVE-2023-28955 | 1 Ibm | 1 Watson Knowledge Catalog On Cloud Pak For Data | 2024-11-21 | 6.5 Medium |
| IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704. | ||||
| CVE-2023-28949 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access | 2024-11-21 | 6.5 Medium |
| IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216. | ||||
| CVE-2023-28527 | 1 Ibm | 2 Informix Dynamic Server, Informix Dynamic Server On Cloud Pak For Data | 2024-11-21 | 6.2 Medium |
| IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206. | ||||
| CVE-2023-28526 | 1 Ibm | 2 Informix Dynamic Server, Informix Dynamic Server On Cloud Pak For Data | 2024-11-21 | 6.2 Medium |
| IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204. | ||||
| CVE-2023-28525 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access | 2024-11-21 | 4.8 Medium |
| IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052. | ||||
| CVE-2023-28513 | 5 Hp, Ibm, Linux and 2 more | 9 Hp-ux, Aix, I and 6 more | 2024-11-21 | 5.9 Medium |
| IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. | ||||
| CVE-2023-27877 | 1 Ibm | 1 Cloud Pak For Data | 2024-11-21 | 5.3 Medium |
| IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905. | ||||
| CVE-2023-27866 | 1 Ibm | 1 Informix Jdbc Driver | 2024-11-21 | 6.3 Medium |
| IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511. | ||||
| CVE-2023-27540 | 2 Ibm, Redhat | 3 Cloud Pak For Data, Watson Cp4d Data Stores, Openshift | 2024-11-21 | 5.9 Medium |
| IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924. | ||||
| CVE-2023-27279 | 1 Ibm | 1 Aspera Faspex | 2024-11-21 | 6.5 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533. | ||||
| CVE-2023-26289 | 1 Ibm | 1 Aspera Orchestrator | 2024-11-21 | 5.4 Medium |
| IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 248478. | ||||
| CVE-2023-26288 | 1 Ibm | 1 Aspera Orchestrator | 2024-11-21 | 5.5 Medium |
| IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477. | ||||
| CVE-2023-26286 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 8.4 High |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421. | ||||
| CVE-2023-26279 | 1 Ibm | 1 Qradar Wincollect | 2024-11-21 | 3.3 Low |
| IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160. | ||||
| CVE-2023-26276 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.9 Medium |
| IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147. | ||||
| CVE-2023-26274 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 4.6 Medium |
| IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144. | ||||
| CVE-2023-26273 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 4.3 Medium |
| IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134. | ||||