Filtered by vendor Ibm Subscriptions
Total 7292 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-45088 1 Ibm 1 Maximo Asset Management 2024-11-18 6.4 Medium
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-45670 1 Ibm 1 Soar 2024-11-16 5.6 Medium
IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism.
CVE-2024-45642 2 Ibm, Linux 2 Security Qradar Edr, Linux Kernel 2024-11-16 5.3 Medium
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-45099 2 Ibm, Linux 2 Security Qradar Edr, Linux Kernel 2024-11-16 3.1 Low
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-41738 1 Ibm 1 Txseries For Multiplatforms 2024-11-14 5.9 Medium
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
CVE-2024-41741 1 Ibm 1 Txseries For Multiplatforms 2024-11-14 5.3 Medium
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system.
CVE-2024-41745 1 Ibm 1 Cics Tx 2024-11-14 6.1 Medium
IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-45085 1 Ibm 1 Websphere Application Server 2024-11-08 5.9 Medium
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service.
CVE-2024-49340 1 Ibm 1 Watson Studio Local 2024-11-08 4.3 Medium
IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2024-45086 1 Ibm 1 Websphere Application Server 2024-11-07 5.5 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2024-31880 4 Ibm, Linux, Microsoft and 1 more 4 Db2, Linux Kernel, Windows and 1 more 2024-11-06 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
CVE-2024-35146 1 Ibm 1 Maximo Application Suite 2024-11-06 5.4 Medium
IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2023-50310 1 Ibm 1 Cics Transaction Gateway 2024-11-05 4.9 Medium
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CVE-2024-45656 1 Ibm 1 Power9 System Firmware 2024-11-02 9.8 Critical
IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP.
CVE-2024-41744 1 Ibm 1 Cics Tx 2024-11-01 6.5 Medium
IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2024-40681 1 Ibm 1 Mq Appliance 2024-10-31 7.5 High
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
CVE-2024-40680 1 Ibm 2 Mq Appliance, Mq Operator 2024-10-31 5.5 Medium
IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
CVE-2024-43177 1 Ibm 1 Concert 2024-10-25 5.9 Medium
IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.
CVE-2024-43173 1 Ibm 1 Concert 2024-10-25 3.7 Low
IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.
CVE-2024-38314 1 Ibm 1 Maximo Application Suite 2024-10-25 5.9 Medium
IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.