Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-29 | CVE-2024-49804 | Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks. | 7.8 |
| 2024-11-29 | CVE-2024-49805 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2024-11-29 | CVE-2024-49806 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2024-11-25 | CVE-2023-45181 | Cross-site Scripting vulnerability in IBM Jazz Foundation IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. | 6.1 |
| 2024-11-23 | CVE-2024-35160 | Insufficient Session Expiration vulnerability in IBM BIG SQL and Watson Query With Cloud PAK for Data IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. | 6.5 |
| 2024-11-23 | CVE-2024-41761 | Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 10.5/11.1/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | 5.3 |
| 2024-11-19 | CVE-2024-52359 | Incorrect User Management vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls. | 8.8 |
| 2024-11-19 | CVE-2024-52360 | Unspecified vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. | 9.8 |
| 2024-11-15 | CVE-2024-39726 | XXE vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2024-11-15 | CVE-2024-41784 | Path Traversal vulnerability in IBM Sterling Secure Proxy IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. | 7.5 |