Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-15 | CVE-2024-31870 | Information Exposure Through Discrepancy vulnerability in IBM i: A user defined table function supplied with IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. | 3.3 |
2024-06-13 | CVE-2024-22333 | Exposure of Resource to Wrong Sphere vulnerability in IBM Maximo Application Suite and Maximo Asset Management: IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
2024-06-13 | CVE-2024-25052 | Insufficiently Protected Credentials vulnerability in IBM Jazz Reporting Service 7.0.3: IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. | 4.4 |
2024-06-12 | CVE-2023-29267 | Unspecified vulnerability in IBM DB2 10.5/11.1/11.5: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. | 6.5 |
2024-06-12 | CVE-2024-31881 | Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 10.5/11.1/11.5: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. | 6.5 |
2024-06-12 | CVE-2024-28762 | Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 10.5/11.1/11.5: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. | 6.5 |
2024-06-07 | CVE-2024-31878 | Information Exposure Through Discrepancy vulnerability in IBM i: IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. | 5.3 |
2024-06-06 | CVE-2023-45192 | XXE vulnerability in IBM Doors Next 7.0.2/7.0.3: IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2024-06-06 | CVE-2024-22326 | Missing Authentication for Critical Function vulnerability in IBM DS8900F Firmware: IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. | 6.3 |
2024-04-19 | CVE-2022-40745 | Inadequate Encryption Strength vulnerability in IBM Aspera Faspex: IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. | 5.5 |