Skip to main content

IBM

5580 CVEs vendor

Monthly

CVE-2023-31001 MEDIUM PATCH This Month

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

IBM Information Disclosure Docker Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2023-45175 MEDIUM This Month

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2023-45173 MEDIUM This Month

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2023-47140 MEDIUM This Month

IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Cics Transaction Gateway
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2023-50948 MEDIUM This Month

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Storage Fusion Hci
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-47145 HIGH This Week

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM Privilege Escalation Db2 Windows
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2023-49880 HIGH This Week

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Financial Transaction Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43064 HIGH PATCH This Week

Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE IBM
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-45165 MEDIUM This Month

IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Aix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42017 CRITICAL Act Now

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload IBM Planning Analytics
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-35895 CRITICAL Act Now

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection IBM Informix Jdbc
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-47707 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47705 MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-47703 MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-47702 CRITICAL Act Now

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-47706 HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-47704 HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-47161 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Urbancode Deploy
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-42013 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Urbancode Deploy
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-42012 MEDIUM This Month

An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Urbancode Deploy
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-45172 MEDIUM PATCH This Month

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft IBM Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-47146 MEDIUM PATCH This Month

IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-42015 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XSS IBM Urbancode Deploy
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-40691 MEDIUM PATCH This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-47741 MEDIUM PATCH This Month

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Db2 Mirror For I
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-46177 HIGH PATCH This Week

IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Mq Appliance
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-45185 HIGH This Week

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM I Access Client Solutions
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-45182 MEDIUM This Month

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM I Access Client Solutions
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-45184 HIGH This Week

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM I Access Client Solutions
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-43042 HIGH This Week

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Storage Virtualize
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-45174 HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-45170 HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-45166 HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-49878 MEDIUM This Month

IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Virtualization Engine Ts7760 3957 Vec Firmware Virtualization Engine Ts7770 3957 Ved Firmware Virtualization Engine Ts7770 3948 Ved Firmware
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-49877 MEDIUM This Month

IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Virtualization Engine Ts7760 3957 Vec Firmware Virtualization Engine Ts7770 3957 Ved Firmware Virtualization Engine Ts7770 3948 Ved Firmware
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-47722 MEDIUM This Month

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Api Connect
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28527 MEDIUM This Month

IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow IBM Informix Dynamic Server Informix Dynamic Server On Cloud Pak For Data
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28526 MEDIUM This Month

IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow IBM Informix Dynamic Server Informix Dynamic Server On Cloud Pak For Data
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28523 HIGH This Week

IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow IBM Informix Dynamic Server +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40687 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-38727 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-29258 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-47701 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-46167 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-38003 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft IBM Db2
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-40692 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-45178 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-46174 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43021 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-42022 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-42019 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service IBM Infosphere Information Server
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-42009 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40699 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-43015 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38268 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26024 MEDIUM This Month

IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Planning Analytics On Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-42006 MEDIUM This Month

IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass IBM
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-45168 HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42004 HIGH This Week

IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Security Guardium
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-49298 HIGH POC PATCH This Week

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass IBM Openzfs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-26279 HIGH PATCH This Week

IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass IBM Qradar Wincollect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25682 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-47650 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add Local Avatar.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Add Local Avatar
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-40363 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-38361 HIGH PATCH This Week

IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-38364 MEDIUM PATCH This Month

IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38363 MEDIUM PATCH This Month

IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-43057 MEDIUM This Month

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-45167 MEDIUM This Month

IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Python Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-45189 MEDIUM PATCH This Month

A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Hashicorp IBM Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-35896 MEDIUM PATCH This Month

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-46176 HIGH PATCH This Week

IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure IBM Mq Appliance
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43018 HIGH PATCH This Week

IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation IBM Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-42029 MEDIUM PATCH This Month

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Txseries For Multiplatforms Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-42027 HIGH PATCH This Week

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Txseries For Multiplatforms Cics Tx
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-40685 HIGH PATCH This Week

Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-43041 MEDIUM PATCH This Month

IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-40686 HIGH PATCH This Week

Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-46158 CRITICAL Act Now

IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Application Server Liberty
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-42031 MEDIUM This Month

IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Txseries For Multiplatforms Cics Tx
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-33840 MEDIUM PATCH This Month

IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Verify Governance
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-33839 HIGH PATCH This Week

IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Security Verify Governance
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-33837 HIGH PATCH This Week

IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-43045 HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38722 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-38735 MEDIUM PATCH This Month

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Cognos Dashboards On Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-38276 HIGH PATCH This Week

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cognos Dashboards On Cloud Pak For Data
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-38275 HIGH PATCH This Week

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cognos Dashboards On Cloud Pak For Data
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-40373 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-40372 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.8%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

IBM Information Disclosure Docker +2
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Vios +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Vios +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Cics Transaction Gateway
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Storage Fusion Hci
NVD
EPSS 0% CVSS 8.4
HIGH This Week

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM Privilege Escalation +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Financial Transaction Manager
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE IBM
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Aix
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload IBM +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection IBM +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium Key Lifecycle Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium Key Lifecycle Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium Key Lifecycle Manager
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM Security Guardium Key Lifecycle Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Security Guardium Key Lifecycle Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Guardium Key Lifecycle Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Urbancode Deploy
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Urbancode Deploy
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft IBM +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XSS IBM +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Db2 Mirror For I
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Mq Appliance
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM I Access Client Solutions
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM I Access Client Solutions
NVD
EPSS 2% CVSS 7.5
HIGH This Week

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM I Access Client Solutions
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Storage Virtualize
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Vios +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Vios +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Vios +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Virtualization Engine Ts7760 3957 Vec Firmware +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Virtualization Engine Ts7760 3957 Vec Firmware +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Api Connect
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow IBM +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow IBM +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Planning Analytics On Cloud Pak For Data
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass IBM
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Vios +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Security Guardium
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass IBM Openzfs
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass IBM Qradar Wincollect
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling B2b Integrator
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add Local Avatar.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Add Local Avatar
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cics Tx
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Python Denial Of Service IBM +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Hashicorp IBM +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Content Navigator
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure IBM Mq Appliance
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation IBM Cics Tx
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Txseries For Multiplatforms +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Txseries For Multiplatforms +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Application Server Liberty
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Txseries For Multiplatforms +1
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Verify Governance
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Security Verify Governance
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Sterling Partner Engagement Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Cognos Dashboards On Cloud Pak For Data
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cognos Dashboards On Cloud Pak For Data
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cognos Dashboards On Cloud Pak For Data
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM +1
NVD
Prev Page 14 of 62 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy