Skip to main content

IBM

5583 CVEs vendor

Monthly

CVE-2023-30449 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-30448 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-30447 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-30446 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-30445 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-30442 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-30431 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Microsoft IBM Db2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29256 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Microsoft IBM Db2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-28958 HIGH PATCH This Week

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection IBM Watson Knowledge Catalog On Cloud Pak For Data
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-28955 MEDIUM PATCH This Month

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Watson Knowledge Catalog On Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-28953 MEDIUM PATCH This Month

IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Cognos Analytics Cartridge For Ibm Cloud Pak For Data
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-27869 HIGH PATCH This Week

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft IBM Db2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-27868 HIGH PATCH This Week

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft IBM Db2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-27867 HIGH PATCH This Week

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft IBM Db2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-27558 HIGH PATCH This Week

IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft IBM Db2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27540 HIGH This Week

IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Cloud Pak For Data Watson Cp4D Data Stores
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-23487 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft IBM Db2
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-35890 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Application Server
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-30990 CRITICAL PATCH Act Now

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection IBM
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27866 CRITICAL PATCH Act Now

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection IBM Informix Jdbc Driver
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-30993 HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cloud Pak For Security
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23468 MEDIUM PATCH This Month

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22593 HIGH PATCH This Week

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Redis Authentication Bypass IBM Robotic Process Automation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26276 HIGH PATCH This Week

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-26274 MEDIUM PATCH This Month

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26273 MEDIUM PATCH This Month

IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-32339 MEDIUM PATCH This Month

IBM Business Automation Workflow is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-33842 MEDIUM PATCH This Month

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft IBM Spss Modeler
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28956 HIGH PATCH This Week

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation IBM Spectrum Protect Backup Archive Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25683 HIGH This Week

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Powervm Hypervisor
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23482 CRITICAL PATCH Act Now

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2023-23481 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23480 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33847 LOW PATCH Monitor

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure IBM Txseries For Multiplatform Cics Tx
NVD
CVSS 3.1
3.1
EPSS
0.6%
CVE-2023-33846 MEDIUM PATCH This Month

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Txseries For Multiplatform Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-33849 LOW Monitor

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Cics Tx Txseries For Multiplatforms
NVD
CVSS 3.1
3.7
EPSS
0.4%
CVE-2023-33848 MEDIUM This Month

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Cics Tx Txseries For Multiplatforms
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-32334 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-27861 MEDIUM This Month

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-0041 HIGH PATCH This Week

IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Security Guardium
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-27285 HIGH PATCH This Week

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE IBM Aspera Cargo Aspera Connect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22862 HIGH PATCH This Week

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Cargo Aspera Connect
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26278 HIGH This Week

IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local authenticated attacker to gain elevated privileges on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Wincollect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26277 HIGH This Week

IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Wincollect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32342 HIGH This Week

IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Http Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-30440 HIGH This Week

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Powervm Hypervisor
NVD
CVSS 3.1
7.9
EPSS
0.2%
CVE-2023-32336 CRITICAL Act Now

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization IBM Infosphere Information Server
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-28950 MEDIUM PATCH This Month

IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Mq
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28529 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22878 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28514 MEDIUM PATCH This Month

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Mq
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30438 HIGH This Week

An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE IBM Powervm Hypervisor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27863 MEDIUM PATCH This Month

IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Spectrum Protect
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-25927 HIGH This Week

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Security Verify Access
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-28522 HIGH PATCH This Week

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure IBM Api Connect
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-28520 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27870 MEDIUM PATCH This Month

IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Spectrum Virtualize
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-27554 MEDIUM PATCH This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Websphere Application Server
NVD
CVSS 3.1
6.3
EPSS
0.9%
CVE-2023-24957 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26285 MEDIUM PATCH This Month

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service IBM Mq Appliance
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2023-30434 MEDIUM PATCH This Month

IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Elastic Information Disclosure IBM Elastic Storage System Spectrum Scale
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22874 MEDIUM PATCH This Month

IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service IBM Mq Appliance
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-24958 HIGH This Week

A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Command Injection IBM 3957 Vec Firmware +2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-23470 MEDIUM This Month

IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. Rated medium severity (CVSS 6.4). No vendor patch available.

SQLi IBM
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2023-30441 HIGH This Week

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure IBM Infosphere Information Server Websphere Application Server +1
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-26022 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-26021 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27864 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-27555 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-25930 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-28528 HIGH POC PATCH Act Now

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection IBM Vios Aix
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2023-27557 HIGH This Week

IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Safer Payments
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-27556 HIGH This Week

IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Safer Payments
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27860 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-24966 MEDIUM PATCH This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30444 MEDIUM PATCH This Month

IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Watson Machine Learning On Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-29255 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27559 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-29257 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft IBM Db2
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-26286 HIGH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27876 HIGH PATCH This Week

IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Tririga Application Platform
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2023-27286 CRITICAL PATCH Act Now

IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE IBM Aspera Cargo Aspera Connect
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27284 CRITICAL PATCH Act Now

IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE IBM Aspera Cargo Aspera Connect
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26283 MEDIUM PATCH This Month

IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-25924 HIGH PATCH This Week

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-25688 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-25684 CRITICAL PATCH Act Now

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-25923 HIGH PATCH This Week

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-25686 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27874 HIGH PATCH This Week

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Aspera Faspex
NVD
CVSS 3.1
8.8
EPSS
1.3%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Microsoft +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Microsoft +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection IBM Watson Knowledge Catalog On Cloud Pak For Data
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Watson Knowledge Catalog On Cloud Pak For Data
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Cognos Analytics Cartridge For Ibm Cloud Pak For Data
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Cloud Pak For Data +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft IBM +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Application Server
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection IBM
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cloud Pak For Security
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Robotic Process Automation
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Redis Authentication Bypass IBM +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Business Automation Workflow is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft IBM +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation IBM Spectrum Protect Backup Archive Client
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Powervm Hypervisor
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Partner Engagement Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
EPSS 1% CVSS 3.1
LOW PATCH Monitor

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure IBM Txseries For Multiplatform +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Txseries For Multiplatform +1
NVD
EPSS 0% CVSS 3.7
LOW Monitor

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Cics Tx +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Cics Tx +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Maximo Application Suite +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Security Guardium
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE IBM +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Cargo +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local authenticated attacker to gain elevated privileges on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Wincollect
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Wincollect
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Http Server
NVD
EPSS 0% CVSS 7.9
HIGH This Week

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Powervm Hypervisor
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization IBM +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Mq
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Mq
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE IBM Powervm Hypervisor
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Spectrum Protect
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Security Verify Access
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure IBM Api Connect
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Spectrum Virtualize
NVD
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Websphere Application Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service IBM +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Elastic Information Disclosure IBM +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service IBM Mq Appliance
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Command Injection +4
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. Rated medium severity (CVSS 6.4). No vendor patch available.

SQLi IBM
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure IBM +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH Act Now

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection IBM Vios +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Safer Payments
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Safer Payments
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Maximo Asset Management
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Watson Machine Learning On Cloud Pak For Data
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM +1
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft IBM +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Vios +1
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Tririga Application Platform
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE IBM +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE IBM +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi IBM Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass IBM +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Security Key Lifecycle Manager
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Aspera Faspex
NVD
Prev Page 16 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy