ReportizFlow
Filtered by vendor Ibm
Subscriptions
Total
7296 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38322 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-11-21 | 5.3 Medium |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869. | ||||
| CVE-2024-38319 | 1 Ibm | 1 Soar | 2024-11-21 | 7.5 High |
| IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830. | ||||
| CVE-2024-37533 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 2.4 Low |
| IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. | ||||
| CVE-2024-37532 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 8.8 High |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721. | ||||
| CVE-2024-37528 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | 4.8 Medium |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293. | ||||
| CVE-2024-35156 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 6.5 Medium |
| IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766. | ||||
| CVE-2024-35155 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 6.5 Medium |
| IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765. | ||||
| CVE-2024-35154 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 7.2 High |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641. | ||||
| CVE-2024-35153 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 4.8 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640. | ||||
| CVE-2024-35142 | 1 Ibm | 1 Security Verify Access Docker | 2024-11-21 | 8.4 High |
| IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: 292418. | ||||
| CVE-2024-35140 | 1 Ibm | 1 Security Verify Access Docker | 2024-11-21 | 7.7 High |
| IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416. | ||||
| CVE-2024-35139 | 1 Ibm | 2 Security Access Manager, Security Verify Access Docker | 2024-11-21 | 6.2 Medium |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415. | ||||
| CVE-2024-35137 | 1 Ibm | 2 Security Access Manager, Security Verify Access Docker | 2024-11-21 | 6.2 Medium |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413. | ||||
| CVE-2024-35119 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.3 Medium |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342. | ||||
| CVE-2024-35116 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 5.9 Medium |
| IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335. | ||||
| CVE-2024-31919 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 5.9 Medium |
| IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259. | ||||
| CVE-2024-31916 | 1 Ibm | 1 Openbmc | 2024-11-21 | 7.5 High |
| IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026. | ||||
| CVE-2024-31912 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 7.5 High |
| IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894. | ||||
| CVE-2024-31908 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 6.4 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890. | ||||
| CVE-2024-31907 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 5.4 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889. | ||||