Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2024-07-12 CVE-2024-40690 Unspecified vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm
5.4
2024-07-10 CVE-2023-33859 Unspecified vulnerability in IBM Security Qradar EDR 3.12
IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy.
network
low complexity
ibm
5.3
2024-07-10 CVE-2023-33860 Unspecified vulnerability in IBM Security Qradar EDR 3.12
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm
5.3
2024-07-10 CVE-2023-35006 Cross-site Scripting vulnerability in IBM Security Qradar EDR 3.12
IBM Security QRadar EDR 3.12 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
5.4
2024-07-09 CVE-2024-35154 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code.
network
low complexity
ibm
7.2
2024-07-08 CVE-2024-39742 Incorrect Comparison vulnerability in IBM MQ Operator
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability.
network
low complexity
ibm CWE-697
critical
9.8
2024-07-08 CVE-2024-39743 Unspecified vulnerability in IBM MQ Operator
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation.
network
low complexity
ibm
7.5
2024-07-08 CVE-2024-31897 Unspecified vulnerability in IBM Cloud PAK for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm
4.3
2024-07-08 CVE-2024-37528 Unspecified vulnerability in IBM Cloud PAK for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm
5.4
2024-07-08 CVE-2024-38330 Unspecified vulnerability in IBM I 7.2/7.3/7.4
IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call.
local
low complexity
ibm
7.8