Filtered by vendor Ibm
Total 7292 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-41762 1 Ibm 1 Db2 2024-12-09 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
CVE-2023-28956 2 Ibm, Microsoft 3 Spectrum Protect, Spectrum Protect Backup-archive Client, Windows 2024-12-09 8.4 High
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls.
CVE-2024-47107 1 Ibm 1 Qradar Security Information And Event Manager 2024-12-09 6.4 Medium
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2023-47717 1 Ibm 1 Security Guardium 2024-12-07 4.4 Medium
IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690.
CVE-2023-33842 3 Apple, Ibm, Microsoft 3 Macos, Spss Modeler, Windows 2024-12-05 6.2 Medium
IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.
CVE-2024-53979 1 Ibm 1 Zhmc 2024-12-04 8.3 High
ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible collection "ibm.ibm_zhmc" writes password-like properties in clear text into its log file and into the output returned by some of its Ansible modules in the following cases: 1. The 'boot_ftp_password' and 'ssc_master_pw' properties are passed as input to the zhmc_partition Ansible module. 2. The 'ssc_master_pw' and 'zaware_master_pw' properties are passed as input to the zhmc_lpar Ansible module. 3. The 'password' property is passed as input to the zhmc_user Ansible module (just in log file, not in module output). 4. The 'bind_password' property is passed as input to the zhmc_ldap_server_definition Ansible module. These properties appear in the module output only when they were specified in the module input and when creating or updating the corresponding resources. They do not appear in the output when retrieving facts for the corresponding resources. These properties appear in the log file only when the "log_file" module input parameter is used. By default, no log file is created. This issue has been fixed in ibm.ibm_zhmc version 1.9.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-22335 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2024-12-04 5.1 Medium
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975.
CVE-2024-22336 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2024-12-04 5.1 Medium
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.
CVE-2024-51465 1 Ibm 1 App Connect Enterprise Certified Container 2024-12-04 8.8 High
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
CVE-2024-22337 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2024-12-03 5.1 Medium
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.
CVE-2023-50951 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2024-12-03 4 Medium
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747.
CVE-2024-49806 1 Ibm 1 Security Verify Access 2024-11-29 9.4 Critical
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVE-2024-49805 1 Ibm 1 Security Verify Access 2024-11-29 9.4 Critical
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVE-2024-49804 1 Ibm 1 Security Verify Access 2024-11-29 7.8 High
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.
CVE-2024-49803 1 Ibm 1 Security Verify Access 2024-11-29 9.8 Critical
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
CVE-2014-3566 11 Apple, Debian, Fedoraproject and 8 more 28 Mac Os X, Debian Linux, Fedora and 25 more 2024-11-27 3.4 Low
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVE-2024-35160 1 Ibm 3 Big Sql, Watson Query With Cloud Pak For Data, Watson Query With Cloud Pak For Data As A Service 2024-11-26 4.3 Medium
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
CVE-2024-49351 1 Ibm 1 Tivoli Workload Scheduler 2024-11-26 5.5 Medium
IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user.
CVE-2024-49353 1 Ibm 1 Watson Speech Services Cartridge On Cloud Pak For Data 2024-11-26 7.5 High
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash.
CVE-2024-52899 1 Ibm 1 Data Virtualization Manager For Z-os 2024-11-26 8.5 High
IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server.