Filtered by vendor Ibm
Subscribe
Total
7369 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4820 | 1 Ibm | 1 Rational Asset Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences. | |||||
| CVE-2003-5003 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-11-20 | 4.3 MEDIUM | 5.0 MEDIUM |
| A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2003-5002 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-11-20 | 5.0 MEDIUM | 3.7 LOW |
| A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2003-5001 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-11-20 | 7.5 HIGH | 5.3 MEDIUM |
| A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2024-41784 | 1 Ibm | 1 Sterling Secure Proxy | 2024-11-20 | N/A | 7.5 HIGH |
| IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system. | |||||
| CVE-2024-39726 | 3 Ibm, Linux, Microsoft | 3 Engineering Lifecycle Optimization - Engineering Insights, Linux Kernel, Windows | 2024-11-19 | N/A | 8.2 HIGH |
| IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |||||
| CVE-2024-45087 | 1 Ibm | 1 Websphere Application Server | 2024-11-18 | N/A | 4.8 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-45088 | 1 Ibm | 1 Maximo Asset Management | 2024-11-18 | N/A | 6.4 MEDIUM |
| IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-45670 | 1 Ibm | 1 Soar | 2024-11-16 | N/A | 5.6 MEDIUM |
| IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism. | |||||
| CVE-2024-45642 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2024-11-16 | N/A | 5.3 MEDIUM |
| IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-45099 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2024-11-16 | N/A | 3.1 LOW |
| IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-41738 | 1 Ibm | 1 Txseries For Multiplatforms | 2024-11-14 | N/A | 5.9 MEDIUM |
| IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. | |||||
| CVE-2024-41741 | 1 Ibm | 1 Txseries For Multiplatforms | 2024-11-14 | N/A | 5.3 MEDIUM |
| IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. | |||||
| CVE-2024-41745 | 1 Ibm | 1 Cics Tx | 2024-11-14 | N/A | 6.1 MEDIUM |
| IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-45085 | 1 Ibm | 1 Websphere Application Server | 2024-11-08 | N/A | 5.9 MEDIUM |
| IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service. | |||||
| CVE-2024-49340 | 1 Ibm | 1 Watson Studio Local | 2024-11-08 | N/A | 4.3 MEDIUM |
| IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2024-45086 | 1 Ibm | 1 Websphere Application Server | 2024-11-06 | N/A | 5.5 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. | |||||
| CVE-2024-31880 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-06 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. | |||||
| CVE-2023-50310 | 1 Ibm | 1 Cics Transaction Gateway | 2024-11-05 | N/A | 4.9 MEDIUM |
| IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | |||||
| CVE-2024-40680 | 1 Ibm | 1 Mq Operator | 2024-10-31 | N/A | 5.5 MEDIUM |
| IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. | |||||