Vulnerabilities > IBM

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | RISK |
|---|---|---|---|---|---|---|---|
| 2024-03-15 | CVE-2023-47162 | Unspecified vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. | network | low complexity | ibm | 6.1 |
| 2024-03-14 | CVE-2024-22346 | Unspecified vulnerability in IBM i | Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. | local | low complexity | ibm | 7.8 |
| 2024-03-14 | CVE-2024-27265 | Unspecified vulnerability in IBM Integration Bus 10.1/10.1.0.2/10.1.0.3 | IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low complexity | ibm | 6.5 |
| 2024-03-14 | CVE-2024-27266 | Unspecified vulnerability in IBM Maximo Application Suite 7.6.1.3 | IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low complexity | ibm | 8.2 |
| 2024-03-01 | CVE-2023-28525 | Unspecified vulnerability in IBM products | IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. | network | low complexity | ibm | 4.8 |
| 2024-03-01 | CVE-2023-28949 | Unspecified vulnerability in IBM products | IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low complexity | ibm | 6.5 |
| 2024-03-01 | CVE-2023-50305 | Unspecified vulnerability in IBM products | IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | local | high complexity | ibm | 5.1 |
| 2024-02-29 | CVE-2023-38367 | Unspecified vulnerability in IBM Cloud Pak for Business Automation | IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. | network | low complexity | ibm | 6.5 |
| 2024-02-29 | CVE-2023-25921 | Unspecified vulnerability in IBM Security Guardium Key Lifecycle Manager 4.1.0/4.1.0.1/4.1.1 | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. | network | low complexity | ibm | 8.8 |
| 2024-02-29 | CVE-2023-25926 | Unspecified vulnerability in IBM Security Guardium Key Lifecycle Manager 4.1.0/4.1.0.1/4.1.1 | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low complexity | ibm | 8.2 |