Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2024-04-19 CVE-2022-40745 Inadequate Encryption Strength vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security.
local
low complexity
ibm CWE-326
5.5
2024-04-19 CVE-2023-27279 Unspecified vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting.
network
low complexity
ibm
6.5
2024-04-19 CVE-2023-37397 Inadequate Encryption Strength vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data.
local
low complexity
ibm CWE-326
4.4
2024-04-02 CVE-2023-50313 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5/9.0
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration.
low complexity
ibm CWE-327
6.5
2024-03-31 CVE-2023-50311 Insufficiently Protected Credentials vulnerability in IBM Cics Transaction Gateway 9.2/9.3
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
network
low complexity
ibm CWE-522
4.9
2024-03-31 CVE-2023-50959 Unspecified vulnerability in IBM Cloud PAK for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account.
network
low complexity
ibm
6.5
2024-03-31 CVE-2024-22353 Allocation of Resources Without Limits or Throttling vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request.
network
low complexity
ibm CWE-770
7.5
2024-03-31 CVE-2024-25027 Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Access 10.0.6
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption.
local
low complexity
ibm CWE-311
5.5
2024-03-22 CVE-2022-32751 Unspecified vulnerability in IBM Security Verify Directory 10.0.0
IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system.
network
low complexity
ibm
5.3
2024-03-22 CVE-2022-32753 Inadequate Encryption Strength vulnerability in IBM Security Verify Directory 10.0.0
IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
low complexity
ibm CWE-326
6.5