Filtered by vendor Ibm
Subscriptions
Total
7287 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-37396 | 1 Ibm | 1 Aspera Faspex | 2024-12-19 | 2.5 Low |
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671. | ||||
CVE-2024-51470 | 1 Ibm | 3 Mq, Mq Appliance, Mq For Hpe Nonstop | 2024-12-18 | 6.5 Medium |
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. | ||||
CVE-2024-41752 | 1 Ibm | 1 Cognos Analytics | 2024-12-18 | 5.4 Medium |
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
CVE-2024-45082 | 1 Ibm | 1 Cognos Analytics | 2024-12-18 | 6.8 Medium |
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. | ||||
CVE-2024-25042 | 1 Ibm | 1 Cognos Analytics | 2024-12-18 | 5.4 Medium |
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations. | ||||
CVE-2024-52361 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-12-18 | 5.7 Medium |
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod. | ||||
CVE-2024-47119 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-12-18 | 5.9 Medium |
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. | ||||
CVE-2023-50956 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-12-18 | 4.4 Medium |
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. | ||||
CVE-2024-47104 | 1 Ibm | 1 I | 2024-12-18 | 6.8 Medium |
IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges. | ||||
CVE-2024-49817 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2024-12-17 | 4.4 Medium |
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. | ||||
CVE-2024-49818 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2024-12-17 | 4.3 Medium |
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
CVE-2024-49819 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2024-12-17 | 4.1 Medium |
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. | ||||
CVE-2024-49820 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2024-12-17 | 3.7 Low |
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
CVE-2024-49816 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2024-12-17 | 4.9 Medium |
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. | ||||
CVE-2023-30996 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-12-17 | 5.3 Medium |
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290. | ||||
CVE-2023-32344 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-12-17 | 4.3 Medium |
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898. | ||||
CVE-2023-38359 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-12-17 | 6.1 Medium |
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260744. | ||||
CVE-2023-43051 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-12-17 | 5.4 Medium |
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267451. | ||||
CVE-2022-34357 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-12-17 | 6.5 Medium |
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users. IBM X-Force ID: 230510. | ||||
CVE-2023-38367 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-12-16 | 6.5 Medium |
IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130. |