Filtered by vendor Ibm
Subscriptions
Total
8060 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32342 | 1 Ibm | 1 Http Server | 2025-01-09 | 7.5 High |
| IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828. | ||||
| CVE-2023-26277 | 1 Ibm | 1 Qradar Wincollect | 2025-01-09 | 7.8 High |
| IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges. IBM X-Force ID: 248156. | ||||
| CVE-2023-26278 | 1 Ibm | 1 Qradar Wincollect | 2025-01-09 | 8.2 High |
| IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local authenticated attacker to gain elevated privileges on the system. IBM X-Force ID: 248158. | ||||
| CVE-2023-47710 | 1 Ibm | 1 Security Guardium | 2025-01-08 | 5.4 Medium |
| IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271525. | ||||
| CVE-2024-31895 | 1 Ibm | 1 App Connect Enterprise | 2025-01-08 | 4.3 Medium |
| IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176. | ||||
| CVE-2024-31894 | 1 Ibm | 1 App Connect Enterprise | 2025-01-08 | 4.3 Medium |
| IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175. | ||||
| CVE-2023-22862 | 1 Ibm | 2 Aspera Cargo, Aspera Connect | 2025-01-08 | 5.9 Medium |
| IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | ||||
| CVE-2023-27285 | 1 Ibm | 2 Aspera Cargo, Aspera Connect | 2025-01-08 | 8.4 High |
| IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625. | ||||
| CVE-2022-43384 | 1 Ibm | 1 Aspera Console | 2025-01-08 | 4.6 Medium |
| IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645. | ||||
| CVE-2022-43575 | 1 Ibm | 1 Aspera Console | 2025-01-08 | 5.4 Medium |
| IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645. | ||||
| CVE-2022-43841 | 1 Ibm | 1 Aspera Console | 2025-01-08 | 4 Medium |
| IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078. | ||||
| CVE-2024-31889 | 1 Ibm | 1 Planning Analytics Local | 2025-01-08 | 5.4 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136. | ||||
| CVE-2024-31907 | 1 Ibm | 1 Planning Analytics Local | 2025-01-08 | 5.4 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889. | ||||
| CVE-2024-31908 | 1 Ibm | 1 Planning Analytics Local | 2025-01-08 | 6.4 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890. | ||||
| CVE-2023-27861 | 1 Ibm | 1 Maximo Application Suite | 2025-01-08 | 5.9 Medium |
| IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208. | ||||
| CVE-2023-32334 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2025-01-08 | 3.7 Low |
| IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074. | ||||
| CVE-2023-0041 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2025-01-08 | 6.3 Medium |
| IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657. | ||||
| CVE-2023-38362 | 1 Ibm | 1 Cics Tx | 2025-01-07 | 5.3 Medium |
| IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814. | ||||
| CVE-2023-38360 | 1 Ibm | 1 Cics Tx | 2025-01-07 | 6.1 Medium |
| IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260769. | ||||
| CVE-2023-37395 | 1 Ibm | 1 Aspera Faspex | 2025-01-07 | 2.5 Low |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. | ||||