IBM Latest Vulnerabilities

December 3

IBM Cognos Controller Vulnerability Could Lead to Sensitive Information Disclosure

CVE-2021-29892
IBM | Cognos Controller | 5.9 MEDIUM

November 29

Potential Privilege Escalation Vulnerability in Security Verify Access Appliance

CVE-2024-49804
IBM | Security Verify Access | 7.8 HIGH

Hard-coded credentials expose IBM Security Verify Access Appliance to potential security risks

CVE-2024-49806
IBM | Security Verify Access | 9.4 CRITICAL

IBM Security Verify Access Appliance Hard-Coded Credentials Vulnerability

CVE-2024-49805
IBM | Security Verify Access | 9.4 CRITICAL

Remote Command Execution Vulnerability Affects IBM Security Verify Access Appliance

CVE-2024-49803
IBM | Security Verify Access | 9.8 CRITICAL

November 26

Unexpected States and Crashes in IBM Watson Speech Services Cartridge

CVE-2024-49353
IBM | Watson Speech Services... | 7.5 HIGH

IBM Workload Scheduler Stores User Credentials in Plain Text

CVE-2024-49351
IBM | Workload Scheduler | 5.5 MEDIUM

IBM Data Virtualization Manager for z/OS vulnerable to malicious JDBC URL injection

CVE-2024-52899
IBM | Data Virtualization Ma... | 8.5 HIGH

November 25

Jazz Foundation Vulnerability: Improper Access Control Exposes Dashboard Changes

CVE-2023-26280
IBM | Jazz Foundation | 5.3 MEDIUM

November 23

Insufficient Session Expiration Vulnerability in IBM Cloud Pak for Data

CVE-2024-35160
IBM | Big Sql | 6.5 MEDIUM

November 22

Rhapsody under Attack: Remote Code Execution Vulnerability Detected

CVE-2024-41779
IBM | 9.8 CRITICAL

November 21

IBM Db2 denial of service

CVE-2024-45663
IBM | Db2 For Linux, Unix An... | 6.5 MEDIUM

November 19

Unauthorized Access in IBM Concert Software Could Allow for Enhanced Privileges

CVE-2024-52359
IBM

IBM Concert Software Vulnerable to SQL Injection

CVE-2024-52360
IBM | 7.6 HIGH

Concert Software Vulnerabilities Could Lead to Sensitive Data Exposure

CVE-2024-37070
IBM | Concert Software | 4.3 MEDIUM

November 15

CVE-2024-39726
IBM | Engineering Lifecycle ... | 8.2 HIGH

CVE-2024-41784
IBM | Sterling Secure Proxy | 7.5 HIGH

IBM Concert Software Vulnerability Could Lead to Sensitive Information Theft

CVE-2024-43189
IBM | Concert Software | 5.9 MEDIUM

IBM Concert Software vulnerable to Cross-Site Scripting

CVE-2024-41785
IBM | Concert Software | 6.1 MEDIUM

November 14

Weak Password Recovery Mechanism in IBM Security SOAR Could Allow Attackers to Gain Unauthorized Access

CVE-2024-45670
IBM | Soar | 8.1 HIGH

November 11

CVE-2024-45087
IBM | Websphere Application ... | 4.8 MEDIUM

CVE-2024-45088
IBM | Maximo Asset Management | 5.4 MEDIUM

November 4

IBM WebSphere Application Server Vulnerability to XML External Entity Injection Attack

CVE-2024-45086
IBM | Websphere Application ... | 5.5 MEDIUM

November 1

IBM CICS TX Standard 11.1 Vulnerable to Cross-Site Request Forgery

CVE-2024-41744
IBM | Cics Tx Standard | 6.5 MEDIUM

CICS TX Standard vulnerable to Cross-Site Scripting

CVE-2024-41745
IBM | Cics Tx Standard | 6.1 MEDIUM

Timing Discrepancy in TXSeries for Multiplatforms Could Lead to Username Disclosure

CVE-2024-41741
IBM | Txseries For Multiplat... | 5.3 MEDIUM

TXSeries for Multiplatforms Vulnerability could lead to Sensitive Information Theft

CVE-2024-41738
IBM | Txseries For Multiplat... | 5.9 MEDIUM

October 29

IBM FSP Vulnerability: Static Credentials May Allow Network Users to Gain Service Privileges

CVE-2024-45656
IBM | Flexible Service Proce... | 9.8 CRITICAL

October 23

IBM CICS Transaction Gateway Vulnerability: Authentication Credentials at Risk

CVE-2023-50310
IBM | Cics Transaction Gatew... | 7.5 HIGH

IBM Db2 Under Denial of Service Attack

CVE-2024-31880
IBM | Db2 For Linux, Unix An... | 6.5 MEDIUM

October 22

CVE-2024-43177
IBM | Concert | 9.8 CRITICAL

CVE-2024-43173
IBM | Concert | 3.7 LOW

October 16

IBM WebSphere Application Server Vulnerable to XML External Entity Injection Attack

CVE-2024-45072
IBM | Websphere Application ... | 5.5 MEDIUM

IBM WebSphere Application Server vulnerable to Stored Cross-Site Scripting

CVE-2024-45071
IBM | Websphere Application ... | 4.8 MEDIUM

CVE-2024-49340
IBM | Watson Studio Local | 8.8 HIGH

October 15

CVE-2024-45085
IBM | Websphere Application ... | 7.5 HIGH

September 30

Potential for Credentials Disclosure through Stored Cross-Site Scripting

CVE-2024-45073
IBM | Websphere Application ... | 4.8 MEDIUM

September 27

IBM Spectrum Control for Storage Vulnerability May Allow Takeover

CVE-2024-47293
IBM | Harmonyos | 7.5 HIGH

September 26

Specially Crafted YAML File Can Bypass Security Measures in IBM ManageIQ

CVE-2024-43191
IBM | Cloud Pak For Multiclo... | 7.2 HIGH

Cognos Command Center Exposes Sensitive User Information

CVE-2024-31899
IBM | Cognos Command Center | 4.3 MEDIUM

IBM Cloud Pak for Multicloud Management Stores User Credentials in Plain Text

CVE-2023-46175
IBM | Cloud Pak For Multiclo... | 4.4 MEDIUM

September 25

Aspera Console Vulnerability: Remote Attacker Could Access Sensitive Information

CVE-2022-43845
IBM | Aspera Console | 7.5 HIGH

Aspera Console Under Attack: Cavalier CSV Injection Vulnerability

CVE-2021-38963
IBM | Aspera Console | 8 HIGH

Unvalidated Server Names Expose Sensitive Information in IBM Storage Defender 2.0.0-2.0.7

CVE-2024-38324
IBM | Storage Defender - Res... | 6.5 MEDIUM

September 22

Cognos Analytics Vulnerability Could Lead to Sensitive Information Disclosure

CVE-2024-40703
IBM | Cognos Analytics | 5.5 MEDIUM

September 18

CVE-2024-43188
IBM | Business Automation Wo... | 4.9 MEDIUM

September 16

CVE-2024-38315
IBM | Aspera Shares | 6.5 MEDIUM

September 13

IBM Concert 1.0 Security Vulnerability: Token and Session Cookie Exposure

CVE-2024-43180
IBM | Concert | 4.3 MEDIUM

September 10

IBM OpenPages Vulnerability: Unauthorized Access to Client-Side Source Code via JavaScript Source Maps

CVE-2024-27257
IBM | Openpages | 4.3 MEDIUM

September 7

Bypass Security Restrictions with IBM MQ Operator

CVE-2024-40681
IBM | MQ Operator | 7.5 HIGH

IBM MQ Operator Denial of Service Vulnerability

CVE-2024-40680
IBM | MQ Operator | 5.5 MEDIUM

Weaker Cryptographic Algorithms in Maximo Suite Could Lead to Sensitive Information Decryption

CVE-2024-37068
IBM | Maximo Application Suite | 7.5 HIGH

September 5

IBM Aspera Faspex Vulnerability: Sensitive Information at Risk

CVE-2024-45096
IBM | Aspera Faspex | 6.5 MEDIUM

Bypassing Access Restrictions and Modifying Resources

CVE-2024-45097
IBM | Aspera Faspex | 7.1 HIGH

Potential Security Vulnerability in IBM Aspera Faspex 5.0.0-5.0.9 Allows Unauthorized Access Restrictions Bypass

CVE-2024-45098
IBM | Aspera Faspex | 8.1 HIGH

September 4

CVE-2024-45074
IBM | Webmethods Integration | 6.5 MEDIUM

IBM WebMethods Integration Vulnerability Allows Arbitrary File Execution

CVE-2024-45076
IBM | Webmethods Integration | 9.9 CRITICAL

CVE-2024-45075
IBM | Webmethods Integration | 8.8 HIGH

August 31

IBM Sterling Connect:Direct Web Services Default Credentials May Expose Critical Functionality to Unauthorized Access

CVE-2024-39747
IBM | Sterling Connect:direc... | 9.8 CRITICAL

August 29

IBM Security Verify Access Vulnerability Could Lead to Phishing Attacks

CVE-2024-35133
IBM | Security Verify Access | 8.2 HIGH

IBM MaaS360 Hard-Coded Credentials Vulnerability

CVE-2024-35118
IBM | Maas360 | 4.6 MEDIUM

August 24

Running Pods Allow Elevated User Privileges

CVE-2022-43915
IBM | App Connect Enterprise... | 8.1 HIGH

August 22

Weaker Cryptographic Algorithms in IBM Sterling Connect:Direct Web Services Could Lead to Data Decryption

CVE-2024-39745
IBM | Sterling Connect:direc... | 7.5 HIGH

IBM Sterling Connect:Direct Web Services Vulnerable to Cross-Site Request Forgery

CVE-2024-39744
IBM | Sterling Connect:direc... | 4.3 MEDIUM

IBM Sterling Connect:Direct Web Services Vulnerability Could Lead to Sensitive Information Theft

CVE-2024-39746
IBM | Sterling Connect:direc... | 5.9 MEDIUM

Improper Authorization in OpenPages with Watson APIs

CVE-2024-35151
IBM | Openpages With Watson | 6.5 MEDIUM

August 20

CVE-2024-41773
IBM | Global Configuration M... | 6.5 MEDIUM

August 16

IBM QRadar Suite Software Vulnerability Could Lead to Sensitive Information Disclosure

CVE-2023-47728
IBM | Qradar Suite Software | 6.5 MEDIUM

Authentication vulnerability in Security Directory Integrator

CVE-2022-33162
IBM | Security Directory Int... | 9.8 CRITICAL

August 15

CVE-2024-40705
IBM | Infosphere Information... | 6.5 MEDIUM

CVE-2024-40704
IBM | Infosphere Information... | 4.9 MEDIUM

IBM QRadar Network Packet Capture Vulnerability

CVE-2024-31905
IBM | Qradar Network Packet ... | 5.9 MEDIUM

IBM QRadar Suite Software Stores User Credentials in Plain Text

CVE-2024-25024
IBM | Qradar Suite Software | 5.5 MEDIUM

August 14

IBM Db2 Under Denial of Service Attack with Specially Crafted Query

CVE-2024-35136
IBM | Db2 For Linux, Unix An... | 6.5 MEDIUM

Db2 Query Denial of Service Vulnerability

CVE-2024-37529
IBM | Db2 For Linux, Unix An... | 6.5 MEDIUM

IBM Db2 Denial of Service Vulnerability

CVE-2024-35152
IBM | Db2 | 6.5 MEDIUM

IBM Db2 for Linux, UNIX and Windows Vulnerable to Denial of Service Attack

CVE-2024-31882
IBM | Db2 For Linux, Unix An... | 6.5 MEDIUM

Spoofing Attacks on Trustworthy Certificates

CVE-2023-50314
IBM | Websphere Application ... | 7.5 HIGH

Spoofing Attacks on Trustworthy Certificates

CVE-2023-50315
IBM | Websphere Application ... | 5.9 MEDIUM

IBM QRadar Suite Software information disclosure

CVE-2024-28799
IBM | Qradar Suite Software | 7.5 HIGH

CVE-2024-27267
IBM | Java Sdk | 5.9 MEDIUM

August 13

Default Password Vulnerability in OpenBMC Could Lead to Administrative Access

CVE-2024-35124
IBM | Openbmc | 7.5 HIGH

Arbitrary JavaScript Code Execution Vulnerability in IBM Common Licensing 9.0 Could Lead to Credentials Disclosure

CVE-2024-41774
IBM | Common Licensing | 4.8 MEDIUM

IBM Common Licensing 9.0 Flaws Make User Accounts Easier to Compromise

CVE-2024-40697
IBM | Common Licensing | 7.5 HIGH

Unauthorized Access to Sensitive Information Possible After Logout

CVE-2022-38382
IBM | Qradar Suite Software | 4.1 MEDIUM

August 12

Potential Password Impersonation Vulnerability in IBM Aspera Shares 1.10.0 PL2

CVE-2023-38018
IBM | Aspera Shares | 5.4 MEDIUM

August 6

CVE-2024-39751
IBM | Infosphere Information... | 4.3 MEDIUM

August 4

Unauthorized Access to MongoDB Database via Remote Port

CVE-2024-35143
IBM | Planning Analytics Local | 9.1 CRITICAL

August 3

Log File Vulnerability Could Leak Sensitive Information

CVE-2024-38321
IBM | Business Automation Wo... | 6.5 MEDIUM

July 30

IBM Security Directory Integrator Vulnerability

CVE-2022-33167
IBM | Security Directory Int... | 7.5 HIGH

IBM Aspera Orchestrator 4.0.1 Password Change Vulnerability

CVE-2023-26288
IBM | Aspera Orchestrator | 5.5 MEDIUM

Cross-Site Request Forgery Vulnerability in IBM Aspera Orchestrator 4.0.1

CVE-2023-38001
IBM | Aspera Orchestrator | 6.5 MEDIUM

Aspera Orchestrator Vulnerable to HTTP Header Injection

CVE-2023-26289
IBM | Aspera Orchestrator | 5.4 MEDIUM

July 26

IBM InfoSphere Information Server Vulnerable to SQL Injection

CVE-2024-40689
IBM | Infosphere Information... | 9.8 CRITICAL

July 25

IBM Security Products Vulnerable to Stored Cross-Site Scripting

CVE-2024-28772
IBM | Security Directory Int... | 5.4 MEDIUM

Insufficient Session Expiration Could Lead to Sensitive Information Theft

CVE-2022-32759
IBM | Security Directory Int... | 7.5 HIGH

July 24

Possible Disclosure of Sensitive User Information via Physical Access

CVE-2024-37533
IBM | Infosphere Information... | 4.6 MEDIUM

July 18

IBM DOORS Web Access Vulnerable to XML External Entity Injection Attack

CVE-2023-50304
IBM | Engineering Requiremen... | 8.2 HIGH

July 17

IBM ClearQuest Vulnerable to Stored Cross-Site Scripting

CVE-2024-28796
IBM | Clearquest | 5.4 MEDIUM

HTTP Responses Vulnerable to Sensitive Information Disclosure

CVE-2023-42010
IBM | Sterling B2b Integrato... | 3.7 LOW