IBM Latest Vulnerabilities
June 30
IBM InfoSphere Information Server Vulnerable to Cross-Site Scripting
CVE-2023-50964
IBM Infosphere Information... 5.4 MEDIUM
IBM InfoSphere Information Server Vulnerable to Cross-Site Scripting
CVE-2024-28794
IBM Infosphere Information... 5.4 MEDIUM
Remote Attack Could Lead to Sensitive Information Disclosure
CVE-2023-50953
IBM Infosphere Information... 5.4 MEDIUM
IBM InfoSphere Information Server Vulnerable to Server-Side Request Forgery (SSRF)
CVE-2023-50952
IBM Infosphere Information... 5.4 MEDIUM
IBM InfoSphere Information Server Vulnerable to Cross-Site Scripting
CVE-2024-28797
IBM Infosphere Information... 6.4 MEDIUM
Bypassing Authentication via Insecure Direct Object References
CVE-2024-31898
IBM Infosphere Information... 5.4 MEDIUM
IBM InfoSphere Information Server Vulnerability Could Lead to Further Attacks
CVE-2023-50954
IBM Infosphere Information... 4.3 MEDIUM
IBM InfoSphere Information Server Vulnerable to Cross-Site Request Forgery
CVE-2024-31902
IBM Infosphere Information... 4.3 MEDIUM
Remote Attack on IBM InfoSphere Information Server Could Lead to Sensitive Information Disclosure
CVE-2024-35119
IBM Infosphere Information... 5.3 MEDIUM
IBM InfoSphere Information Server Vulnerable to Stored Cross-Site Scripting
CVE-2024-28798
IBM Infosphere Information... 7.2 HIGH
Local User Access to Unauthorized Projects
CVE-2023-35022
IBM Infosphere Information... 4 MEDIUM
IBM InfoSphere Information Server Vulnerable to Cross-Site Scripting
CVE-2024-28795
IBM Infosphere Information... 5.4 MEDIUM
June 28
IBM Cloud Pak for Security Vulnerability Allows Local File Access
CVE-2022-38383
IBM Cloud Pak For Security 4 MEDIUM
IBM Cognos Analytics Vulnerable to Cross Site Scripting (XSS)
CVE-2024-25041
IBM Cognos Analytics 5.4 MEDIUM
Cognos Analytics Vulnerable to Certificate Validation Attack
CVE-2024-25053
IBM Cognos Analytics 5.9 MEDIUM
Brute Force Vulnerability in IBM Storage Defender Exposes Product to Enumeration
CVE-2024-38322
IBM Storage Defender - Res... 5.3 MEDIUM
Inadequate Account Lockout Setting Exposes IBM Storage Defender to Brute Force Attacks
CVE-2024-25031
IBM Storage Defender - Res... 6.5 MEDIUM
IBM MQ Vulnerable to Denial of Service Attack
CVE-2024-35116
IBM MQ 5.9 MEDIUM
IBM MQ Vulnerability Could Lead to Sensitive Information Disclosure
CVE-2024-35156
IBM MQ 6.5 MEDIUM
Remote Attack via Detailed Technical Error Message in Browser Could Lead to Sensitive Information Disclosure
CVE-2024-35155
IBM MQ 6.5 MEDIUM
Potential Privilege Escalation Vulnerability in IBM MQ 9.3 LTS and 9.3 CD
CVE-2024-31912
IBM MQ 7.5 HIGH
IBM MQ Vulnerable to Denial of Service Attack
CVE-2024-31919
IBM MQ 5.9 MEDIUM
IBM Security Access Manager Docker vulnerability could expose sensitive information
CVE-2024-35139
IBM Security Verify Access... 6.2 MEDIUM
IBM Security Access Manager Docker vulnerability could lead to elevated privileges
CVE-2024-35137
IBM Security Verify Access... 6.2 MEDIUM
June 27
IBM Security Access Manager Vulnerability Allows Malicious Package Installation
CVE-2023-38370
IBM Security Access Manage... 7.5 HIGH
IBM Security Access Manager Vulnerability Could Leak Sensitive Information
CVE-2023-38368
IBM Security Access Manage... 6.2 MEDIUM
IBM Security Access Manager Vulnerability Allows Root Access
CVE-2023-30997
IBM Security Access Manage... 8.4 HIGH
IBM Security Access Manager Vulnerability Allows Root Access
CVE-2023-30998
IBM Security Access Manage... 8.4 HIGH
Weaker Cryptographic Algorithms in IBM Security Access Manager Docker Releases Could Lead to Information Decryption
CVE-2023-38371
IBM Security Access Manage... 5.9 MEDIUM
IBM Sterling B2B Integrator vulnerable to Cross-Site Scripting
CVE-2023-42014
IBM Sterling B2b Integrato... 5.4 MEDIUM
Integrator May Confuse Users with Incorrect or Restricted Frame Objects
CVE-2023-42011
IBM Sterling B2b Integrato... 4.3 MEDIUM
IBM Security Verify Access Vulnerability Could Leak Sensitive Information
CVE-2023-30430
IBM Security Verify Access 6.2 MEDIUM
June 22
IBM Security SOAR Vulnerability Could Allow Execution of Malicious Code
CVE-2024-38319
IBM Security Soar 7.5 HIGH
June 21
Local Privilege Escalation Vulnerability Affects IBM i Products
CVE-2024-31890
IBM I 7.8 HIGH
June 20
IBM WebSphere Application Server Vulnerable to Identity Spoofing
CVE-2024-37532
IBM Websphere Application ... 8.8 HIGH
June 19
IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass
CVE-2024-38329
IBM Storage Protect For Vi... 7.7 HIGH
June 18
IBM QRadar Suite Software Vulnerability Could Allow Arbitrary Commands Execution
CVE-2023-47726
IBM Qradar Suite Software 7.1 HIGH
June 15
Local Privilege Escalation Vulnerability in IBM i 7.2, 7.3, 7.4, and 7.5
CVE-2024-27275
IBM I 7.4 HIGH
User-defined table functions vulnerable to user enumeration in IBM Db2 for i
CVE-2024-31870
IBM I 3.3 LOW
June 13
IBM Maximo Asset Management Vulnerability: Web Pages Stored Locally Can Be Accessed by Other Users
CVE-2024-22333
IBM Maximo Application Suite 4 MEDIUM
IBM Jazz Reporting Service Stores User Credentials in Plain Clear Text
CVE-2024-25052
IBM Jazz Reporting Service 4.4 MEDIUM
June 12
Db2 Crash Vulnerability Affects Authenticated Users
CVE-2024-31881
IBM Db2 For Linux, Unix An... 6.5 MEDIUM
Db2 Vulnerable to Denial of Service Attack
CVE-2023-29267
IBM Db2 For Linux, Unix An... 5.3 MEDIUM
IBM Db2 Vulnerable to Denial of Service Attack
CVE-2024-28762
IBM
June 9
Arbitrary File Upload Vulnerability Affects IBM Engineering Lifecycle Optimization Publishing
CVE-2023-45188
IBM Engineering Lifecycle ... 6.5 MEDIUM
June 7
IBM i SST User Enumeration Vulnerability
CVE-2024-31878
IBM I 5.3 MEDIUM
June 6
IBM Engineering Requirements Management DOORS Next Vulnerable to XML External Entity Injection Attack
CVE-2023-45192
IBM Engineering Requiremen... 8.2 HIGH
IBM System Storage DS8900F Vulnerability: Remote Anonymous Connection Possible
CVE-2024-22326
IBM System Storage Ds8900f 5 MEDIUM
May 31
Unnecessary Privileges Could Lead to Escalation of Local User Privileges
CVE-2024-35142
IBM Security Verify Access... 8.4 HIGH
IBM Security Verify Access Docker Vulnerability Could Lead to Privilege Escalation
CVE-2024-35140
IBM Security Verify Access... 7.7 HIGH
IBM Planning Analytics Local 2.0 and 2.1 vulnerable to Cross-Site Scripting
CVE-2024-31907
IBM Planning Analytics Local 5.4 MEDIUM
IBM Planning Analytics Local 2.0 and 2.1 Vulnerable to Stored Cross-Site Scripting
CVE-2024-31908
IBM Planning Analytics Local 6.4 MEDIUM
IBM Planning Analytics Local 2.0 and 2.1 vulnerable to Cross-Site Scripting
CVE-2024-31889
IBM Planning Analytics Local 5.4 MEDIUM
IBM Security Verify Access OIDC Provider Vulnerability Could Disclose Sensitive Information
CVE-2024-22338
IBM Security Verify Access... 4 MEDIUM
May 30
Aspera Console Vulnerability Allows Web Pages to be Stored Locally
CVE-2022-43841
IBM Aspera Console 4 MEDIUM
Aspera Console vulnerable to Cross-Site Scripting
CVE-2022-43575
IBM Aspera Console 5.4 MEDIUM
Aspera Console vulnerable to Cross-Site Scripting
CVE-2022-43384
IBM Aspera Console 4.6 MEDIUM
May 29
IBM Db2 on Cloud Pak for Data Vulnerability Could Allow System Calls Compromising Container Security
CVE-2023-42005
IBM Db2 On Cloud Pak For Data 7.4 HIGH
May 28
Aspera Faspex vulnerable to Cross-Site Scripting (XSS)
CVE-2023-37411
IBM Aspera Faspex 4.8 MEDIUM
IBM Engineering Workflow Management Vulnerable to Stored Cross-Site Scripting
CVE-2024-28793
IBM Engineering Workflow M... 4.9 MEDIUM
May 24
IBM Security Guardium Vulnerable to Cross-Site Scripting
CVE-2023-47710
IBM Security Guardium 5.4 MEDIUM
May 22
IBM App Connect Enterprise information disclosure
CVE-2024-31894
IBM App Connect Enterprise 4.3 MEDIUM
IBM App Connect Enterprise Vulnerability: Authenticated User Access to Sensitive User Information via Expired Access Token
CVE-2024-31895
IBM App Connect Enterprise 4.3 MEDIUM
May 18
IBM i Vulnerability Could Lead to Arbitrary Code Execution and Denial of Service
CVE-2024-31879
IBM I 7.5 HIGH
May 16
Unauthorized Actions Could Lead to Denial of Service
CVE-2023-47717
IBM Security Guardium 4.4 MEDIUM
AIX Vulnerability Allows Non-Privileged Users to Execute Arbitrary Commands
CVE-2024-27260
IBM Aix 8.4 HIGH
May 14
IBM UrbanCode Deploy vulnerable to Cross-Site Scripting
CVE-2024-28781
IBM Urbancode Deploy 5.4 MEDIUM
IBM App Connect Enterprise Vulnerable to HTML Injection
CVE-2024-28761
IBM App Connect Enterprise 5.4 MEDIUM
IBM App Connect Enterprise Vulnerable to Denial of Service Due to Improper Resource Allocation
CVE-2024-28760
IBM App Connect Enterprise 4.3 MEDIUM
Potential Privileged User Configuration Vulnerability Could Disclose Sensitive Information Across Tenants
CVE-2024-27269
IBM Qradar Siem 6.8 MEDIUM
TXSeries for Multiplatforms Vulnerable to HTML Injection
CVE-2024-22344
IBM Txseries For Multiplat... 6.1 MEDIUM
Authentication Credentials at Risk of Interception and Retrieval
CVE-2024-22345
IBM Txseries For Multiplat... 6.2 MEDIUM
TXSeries for Multiplatforms Stores Web Pages Locally, Enabling Sharing and Collaboration
CVE-2024-22343
IBM Txseries For Multiplat... 4 MEDIUM
IBM Security Guardium Vulnerabilities Could Lead to Elevated Privileges
CVE-2023-47712
IBM Security Guardium 7.8 HIGH
Possible Denial of Service Vulnerability in IBM Security Guardium
CVE-2023-47711
IBM Security Guardium 2.7 LOW
Arbitrary Command Execution Vulnerability in IBM Security Guardium
CVE-2023-47709
IBM Security Guardium 9.1 CRITICAL
Unauthorized Access to RGW for Ceph in Spectrum Fusion HCI 2.5.2-2.7.2
CVE-2023-43040
IBM Spectrum Fusion Hci 6.5 MEDIUM
IBM SDK Vulnerable to Denial of Service Attack
CVE-2023-38264
IBM Sdk, Java Technology E... 5.9 MEDIUM
May 7
Log File Vulnerability Could Allow Local User Access to Sensitive Information
CVE-2023-40694
IBM Watson Cp4d Data Stores 6.2 MEDIUM
Potential Privilege Escalation Vulnerability in AIX Unix Domain Datagram Sockets
CVE-2024-27273
IBM Aix 8.1 HIGH
May 4
Aspera Orchestrator 4.0.1 Vulnerability Could Enable Remote Username Enumeration
CVE-2023-27283
IBM Aspera Orchestrator 5.3 MEDIUM
May 3
IBM Cognos Controller Session Invalidation Vulnerability
CVE-2023-40695
IBM Cognos Controller 6.3 MEDIUM
Cognos Controller Vulnerable to SQL Injection
CVE-2021-20451
IBM Cognos Controller 6 MEDIUM
Weaker Cryptographic Algorithms in IBM Cognos Controller Could Lead to Information Decryption
CVE-2023-40696
IBM Cognos Controller 5.9 MEDIUM
Cognos Controller Vulnerability Could Lead to Sensitive Information Disclosure
CVE-2023-23474
IBM
IBM Cognos Controller Vulnerable to Injection Attacks
CVE-2023-28952
IBM
Cognos Controller Vulnerable to SQL Injection
CVE-2023-38724
IBM
Cognos Controller Vulnerable to External Service Interaction Attack
CVE-2022-22364
IBM Cognos Controller 5.3 MEDIUM
Cognos Controller Vulnerability Could Allow Username Enumeration
CVE-2021-20556
IBM Cognos Controller 5.3 MEDIUM
Cognos Controller Vulnerability: Unsecured Authorization Tokens and Session Cookies
CVE-2021-20450
IBM Cognos Controller 4.3 MEDIUM
IBM Cognos Controller Vulnerability: Weak Cryptographic Algorithms Expose Sensitive Data
CVE-2020-4874
IBM Cognos Controller 5.9 MEDIUM
Aspera Orchestrator 4.0.1 Vulnerability Allows Remote Execution of Arbitrary Commands
CVE-2023-37407
IBM
May 2
IBM Cognos Analytics Vulnerable to Injection Attacks
CVE-2024-25047
IBM Cognos Analytics 8.6 HIGH
Security Dashboard Parameters Vulnerability
CVE-2023-47727
IBM Cloud Pak For Security 4.3 MEDIUM
May 1
CSV Injection Vulnerability in IBM WebSphere Automation Could Lead to Arbitrary Command Execution
CVE-2024-28764
IBM Websphere Automation 6.5 MEDIUM
IBM MQ Denial of Service Vulnerability
CVE-2024-25015
IBM MQ 7.5 HIGH
WebSphere Automation Vulnerable to Cross-Site Scripting
CVE-2024-28775
IBM Websphere Automation 4.4 MEDIUM
IBM Cloud Pak for Security information disclosure
CVE-2022-38386
IBM Cloud Pak For Security 5.9 MEDIUM
April 30
Active Session Theft Vulnerability Affects IBM Storage Scale
CVE-2023-38002
IBM Storage Scale 5 MEDIUM
April 28
IBM i Vulnerability Could Allow Elevated Privileges
CVE-2024-25050
IBM I 8.4 HIGH