Filtered by vendor Ibm
Subscriptions
Total
7834 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26272 | 1 Ibm | 1 Guardium Cloud Key Manager | 2024-11-21 | 5.3 Medium |
| IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133. | ||||
| CVE-2023-26271 | 1 Ibm | 1 Guardium Cloud Key Manager | 2024-11-21 | 5.3 Medium |
| IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126. | ||||
| CVE-2023-26270 | 1 Ibm | 1 Guardium Cloud Key Manager | 2024-11-21 | 6.5 Medium |
| IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119. | ||||
| CVE-2023-26268 | 2 Apache, Ibm | 2 Couchdb, Cloudant | 2024-11-21 | 4.4 Medium |
| Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list * filter * filter views (using view functions as filters) * rewrite * update This doesn't affect map/reduce or search (Dreyfus) index functions. Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment. | ||||
| CVE-2023-26026 | 1 Ibm | 1 Cloud Pak For Data | 2024-11-21 | 5.3 Medium |
| Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. | ||||
| CVE-2023-26024 | 1 Ibm | 1 Planning Analytics On Cloud Pak For Data | 2024-11-21 | 6.5 Medium |
| IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. | ||||
| CVE-2023-26023 | 1 Ibm | 1 Cloud Pak For Data | 2024-11-21 | 6.5 Medium |
| Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. | ||||
| CVE-2023-25682 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.2 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034. | ||||
| CVE-2023-25681 | 1 Ibm | 1 Spectrum Virtualize | 2024-11-21 | 5.3 Medium |
| LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033. | ||||
| CVE-2023-24971 | 1 Ibm | 2 B2b Advanced Communications, Multi-enterprise Integration Gateway | 2024-11-21 | 7.5 High |
| IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976. | ||||
| CVE-2023-24965 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2024-11-21 | 5.8 Medium |
| IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713. | ||||
| CVE-2023-24959 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.3 Medium |
| IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332. | ||||
| CVE-2023-23476 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak | 2024-11-21 | 3.1 Low |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425. | ||||
| CVE-2023-23473 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.3 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400. | ||||
| CVE-2023-23468 | 2 Ibm, Redhat | 2 Robotic Process Automation, Openshift | 2024-11-21 | 5.1 Medium |
| IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500. | ||||
| CVE-2023-22877 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 7 High |
| IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368. | ||||
| CVE-2023-22870 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2024-11-21 | 5.9 Medium |
| IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121. | ||||
| CVE-2023-22595 | 1 Ibm | 2 B2b Advanced Communications, Multi-enterprise Integration Gateway | 2024-11-21 | 5.4 Medium |
| IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076. | ||||
| CVE-2023-22593 | 2 Ibm, Redhat | 2 Robotic Process Automation, Openshift | 2024-11-21 | 4 Medium |
| IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074. | ||||
| CVE-2023-1995 | 6 Hitachi, Hp, Ibm and 3 more | 8 Hirdb Server, Hirdb Server With Additional Function, Hirdb Structured Data Access Facility and 5 more | 2024-11-21 | 5.3 Medium |
| Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W , before 09-66-/Q ; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02. | ||||