Filtered by vendor Ibm
Subscribe
Total
7311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27871 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-02-25 | N/A | 7.5 HIGH |
| IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613. | |||||
| CVE-2024-49336 | 1 Ibm | 1 Security Guardium | 2025-02-25 | N/A | 6.5 MEDIUM |
| IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2024-27277 | 1 Ibm | 1 Storage Protect Plus | 2025-02-14 | N/A | 6.2 MEDIUM |
| The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205. | |||||
| CVE-2023-38372 | 1 Ibm | 1 Watson Iot Platform | 2025-02-14 | N/A | 5.9 MEDIUM |
| An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201. | |||||
| CVE-2023-30449 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-02-13 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439. | |||||
| CVE-2023-30448 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-02-13 | N/A | 5.9 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437. | |||||
| CVE-2023-30445 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-02-13 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357. | |||||
| CVE-2022-47986 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2025-02-13 | N/A | 9.8 CRITICAL |
| IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512. | |||||
| CVE-2024-49796 | 1 Ibm | 1 Applinx | 2025-02-13 | N/A | 5.4 MEDIUM |
| IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | |||||
| CVE-2020-4427 | 1 Ibm | 1 Data Risk Manager | 2025-02-12 | 9.0 HIGH | 9.8 CRITICAL |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532. | |||||
| CVE-2020-4430 | 1 Ibm | 1 Data Risk Manager | 2025-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. | |||||
| CVE-2020-4428 | 1 Ibm | 1 Data Risk Manager | 2025-02-12 | 9.0 HIGH | 9.1 CRITICAL |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. | |||||
| CVE-2013-3993 | 1 Ibm | 1 Infosphere Biginsights | 2025-02-12 | 3.5 LOW | 6.5 MEDIUM |
| IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. | |||||
| CVE-2015-7450 | 1 Ibm | 7 Sterling B2b Integrator, Sterling Integrator, Tivoli Common Reporting and 4 more | 2025-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. | |||||
| CVE-2024-49798 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 4.3 MEDIUM |
| IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2024-49797 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 5.9 MEDIUM |
| IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2024-49795 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 4.3 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2024-49794 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 4.3 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2024-49793 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 5.4 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-49792 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 5.4 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||