Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-02 | CVE-2023-50313 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. | 6.5 |
| 2024-03-31 | CVE-2023-50311 | Insufficiently Protected Credentials vulnerability in IBM Cics Transaction Gateway 9.2/9.3 IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | 4.9 |
| 2024-03-31 | CVE-2023-50959 | Unspecified vulnerability in IBM Cloud PAK for Business Automation IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. | 6.5 |
| 2024-03-31 | CVE-2024-22353 | Resource Exhaustion vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is vulnerable to a denial of service, caused by sending a specially crafted request. | 7.5 |
| 2024-03-31 | CVE-2024-25027 | Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Access 10.0.6 IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. | 5.5 |
| 2024-03-22 | CVE-2022-32751 | Unspecified vulnerability in IBM Security Verify Directory 10.0.0 IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. | 5.3 |
| 2024-03-22 | CVE-2022-32753 | Inadequate Encryption Strength vulnerability in IBM Security Verify Directory 10.0.0 IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 6.5 |
| 2024-03-22 | CVE-2022-32754 | Cross-site Scripting vulnerability in IBM Security Verify Directory 10.0.0 IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. | 4.8 |
| 2024-03-22 | CVE-2022-32756 | Information Exposure Through an Error Message vulnerability in IBM Security Verify Directory 10.0.0 IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 2.7 |
| 2024-03-21 | CVE-2023-47715 | Improper Privilege Management vulnerability in IBM Storage Protect Plus IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. | 4.3 |