Filtered by vendor Ibm
Total: 7945 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38315 | 1 Ibm | 1 Aspera Shares | 2024-09-20 | 6.3 Medium |
| IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2024-35118 | 1 Ibm | 2 Maas360, Maas360 Mdm | 2024-09-19 | 4.6 Medium |
| IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. | ||||
| CVE-2024-39747 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-09-16 | 8.1 High |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. | ||||
| CVE-2024-27257 | 1 Ibm | 2 Openpages Grc Platform, Openpages With Watson | 2024-09-16 | 4.3 Medium |
| IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. | ||||
| CVE-2024-35143 | 1 Ibm | 2 Planning Analytics Local, Planning Analytics Workspace | 2024-09-11 | 6.7 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420. | ||||
| CVE-2023-50315 | 1 Ibm | 1 Websphere Application Server | 2024-09-11 | 5.3 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714. | ||||
| CVE-2022-33162 | 1 Ibm | 3 Security Directory Integrator, Security Verify Directory, Security Verify Directory Integrator | 2024-09-07 | 7.3 High |
| IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user. IBM X-Force ID: 228570. | ||||
| CVE-2024-45074 | 2 Ibm, Softwareag | 2 Webmethods Integration, Webmethods | 2024-09-06 | 6.5 Medium |
| IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2024-45076 | 2 Ibm, Softwareag | 2 Webmethods Integration, Webmethods | 2024-09-06 | 9.9 Critical |
| IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. | ||||
| CVE-2024-38321 | 1 Ibm | 1 Business Automation Workflow | 2024-09-06 | 5.3 Medium |
| IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868. | ||||
| CVE-2024-45098 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | 6.8 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | ||||
| CVE-2024-45097 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | 5.9 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | ||||
| CVE-2024-45096 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | 6.5 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. | ||||
| CVE-2024-39751 | 1 Ibm | 1 Infosphere Information Server | 2024-08-29 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429. | ||||
| CVE-2023-38018 | 1 Ibm | 1 Aspera Shares | 2024-08-29 | 6.3 Medium |
| IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574. | ||||
| CVE-2024-41773 | 1 Ibm | 1 Global Configuration Management | 2024-08-26 | 6.5 Medium |
| IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls. | ||||
| CVE-2024-41774 | 1 Ibm | 1 Common Licensing | 2024-08-24 | 4.8 Medium |
| IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348. | ||||
| CVE-2023-50314 | 1 Ibm | 1 Websphere Application Server | 2024-08-23 | 5.3 Medium |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713. | ||||
| CVE-2024-35151 | 1 Ibm | 2 Openpages Grc Platform, Openpages With Watson | 2024-08-23 | 6.5 Medium |
| IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. | ||||
| CVE-2024-39744 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling Connect, Sterling Connect Direct Web Services and 2 more | 2024-08-23 | 4.3 Medium |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||