Skip to main content

IBM

5580 CVEs vendor

Monthly

CVE-2024-25042 MEDIUM This Month

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Cognos Analytics
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-52361 MEDIUM This Month

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender Resiliency Service
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-47119 HIGH This Week

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender Resiliency Service
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-47104 MEDIUM This Month

IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-49820 LOW Monitor

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2024-49819 HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-49818 MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-49817 MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-49816 MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-31892 HIGH This Week

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM SQLi Storage Scale
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-31891 HIGH This Week

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Storage Scale
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-52901 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-51460 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-35117 MEDIUM This Month

IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Openpages With Watson
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-47117 MEDIUM This Month

IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Carbon Charts
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-47107 MEDIUM This Month

IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-41762 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-47115 HIGH This Week

IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Command Injection Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37071 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-51465 HIGH This Week

IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection App Connect Enterprise Certified Container
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-45676 MEDIUM This Month

IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Controller
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-41777 HIGH This Week

IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Cognos Controller
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-41776 MEDIUM This Month

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Cognos Controller
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-41775 HIGH This Week

IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Controller
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-25020 CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-40691 CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-25036 LOW Monitor

IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Authentication Bypass Cognos Controller
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-25035 MEDIUM This Month

IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Controller
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-25019 CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-53979 HIGH This Week

ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-53865 PyPI HIGH PATCH This Week

zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Python Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-49806 CRITICAL Act Now

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Verify Access
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-49805 CRITICAL Act Now

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Verify Access
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-49804 HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Security Verify Access
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-49803 HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Verify Access
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-49353 MEDIUM This Month

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Race Condition Denial Of Service Watson Assistant For Ibm Cloud Pak For Data
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-49351 MEDIUM This Month

IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Workload Scheduler
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-52899 HIGH This Week

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection RCE Data Virtualization Manager For Z Os
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-35160 MEDIUM This Month

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Big Sql Watson Query With Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-41761 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-41781 MEDIUM This Month

IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Powervm Hypervisor
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-41779 HIGH This Week

IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Engineering Systems Design Rhapsody
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-45663 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-52360 CRITICAL Act Now

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SQLi Concert
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-52359 HIGH This Week

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Concert
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-37070 MEDIUM This Month

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-39726 HIGH This Week

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Engineering Lifecycle Optimization Engineering Insights
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-41784 HIGH This Week

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling Secure Proxy
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-43189 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-41785 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Concert
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-45670 HIGH This Week

IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Soar
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-45642 MEDIUM This Month

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Cors Misconfiguration Security Qradar Edr
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-45099 MEDIUM This Month

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Security Qradar Edr
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-45087 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-45088 MEDIUM This Month

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-35146 MEDIUM This Month

IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Maximo Application Suite
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-45086 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Websphere Application Server
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-41745 MEDIUM This Month

IBM CICS TX Standard is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41744 HIGH This Week

IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Cics Tx
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-41741 MEDIUM This Month

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Txseries For Multiplatforms
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-41738 MEDIUM This Month

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Txseries For Multiplatforms
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-45656 CRITICAL Act Now

IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Power System E1080 9080 Hex Firmware Power System L922 9008 22L Firmware Power System S922 9009 22A Firmware +25
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-30106 MEDIUM This Month

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Connections
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-38314 MEDIUM This Month

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-31880 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-43177 CRITICAL Act Now

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-43173 LOW Monitor

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2024-45072 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Websphere Application Server
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-45071 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-49340 HIGH This Week

IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Watson Studio Local
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-45085 HIGH This Week

IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45073 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-43191 HIGH This Week

IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization IBM Cloud Pak For Multicloud Management Monitoring
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-31899 MEDIUM This Month

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Command Center
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-38324 MEDIUM This Month

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-40703 MEDIUM PATCH This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Apple Information Disclosure Cognos Analytics Cognos Analytics Reports
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43188 MEDIUM This Month

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-38315 MEDIUM This Month

IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Shares
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-43180 MEDIUM This Month

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-27257 MEDIUM This Month

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Openpages Grc Platform Openpages With Watson
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-40681 HIGH This Week

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Mq Operator Supplied Mq Advanced Container Images
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-40680 MEDIUM This Month

IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Mq Operator
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-37068 HIGH This Week

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-45098 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Aspera Faspex
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-45097 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Aspera Faspex
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-45096 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-45005 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

IBM Authentication Bypass Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-45076 CRITICAL Act Now

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM File Upload Webmethods Integration
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-45075 HIGH This Week

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Webmethods Integration
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-45074 MEDIUM This Month

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Webmethods Integration
NVD
CVSS 3.1
6.5
EPSS
0.5%
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Cognos Analytics
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender Resiliency Service
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender Resiliency Service
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure
NVD
EPSS 0% CVSS 3.7
LOW Monitor

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM SQLi Storage Scale
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Storage Scale
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Openpages With Watson
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Carbon Charts
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Command Injection Vios +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection App Connect Enterprise Certified Container
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Controller
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Cognos Controller
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Cognos Controller
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Controller
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Authentication Bypass Cognos Controller
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Controller
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
EPSS 0% CVSS 8.2
HIGH This Week

ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Python Information Disclosure
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Verify Access
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Verify Access
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Security Verify Access
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Verify Access
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Race Condition Denial Of Service +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Workload Scheduler
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection RCE +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Big Sql +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Powervm Hypervisor
NVD
EPSS 1% CVSS 8.1
HIGH This Week

IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Engineering Systems Design Rhapsody
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SQLi Concert
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Concert
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Concert
NVD
EPSS 1% CVSS 8.2
HIGH This Week

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Engineering Lifecycle Optimization Engineering Insights
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling Secure Proxy
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Concert
NVD
EPSS 0% CVSS 8.1
HIGH This Week

IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Soar
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Cors Misconfiguration +1
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Security Qradar Edr
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Websphere Application Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Maximo Asset Management
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Maximo Application Suite
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Websphere Application Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM CICS TX Standard is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Cics Tx
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Cics Tx
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Txseries For Multiplatforms
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Txseries For Multiplatforms
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Power System E1080 9080 Hex Firmware +27
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Connections
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Concert
NVD
EPSS 0% CVSS 3.7
LOW Monitor

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Websphere Application Server
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Websphere Application Server
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Watson Studio Local
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Application Server
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Websphere Application Server
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization IBM Cloud Pak For Multicloud Management Monitoring
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Command Center
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Apple Information Disclosure +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Shares
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Concert
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Openpages Grc Platform +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Mq Operator +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Mq Operator
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
EPSS 0% CVSS 8.1
HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Aspera Faspex
NVD
EPSS 0% CVSS 7.1
HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Aspera Faspex
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Faspex
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

IBM Authentication Bypass Linux +1
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM File Upload Webmethods Integration
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Webmethods Integration
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Webmethods Integration
NVD
Prev Page 11 of 62 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy