Vulnerabilities > IBM

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-09-05 | CVE-2024-45096 | Unspecified vulnerability in IBM Aspera Faspex | IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. | network, low complexity, ibm, 6.5 |
| 2024-09-05 | CVE-2024-45097 | Interpretation Conflict vulnerability in IBM Aspera Faspex | IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | network, low complexity, ibm, CWE-436, 7.1 |
| 2024-09-05 | CVE-2024-45098 | Unspecified vulnerability in IBM Aspera Faspex | IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | network, low complexity, ibm, 8.1 |
| 2024-09-04 | CVE-2024-45074 | Path Traversal vulnerability in IBM Webmethods Integration 10.15 | IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. | network, low complexity, ibm, CWE-22, 6.5 |
| 2024-09-04 | CVE-2024-45075 | Unspecified vulnerability in IBM Webmethods Integration 10.15 | IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication. | network, low complexity, ibm, 8.8 |
| 2024-09-04 | CVE-2024-45076 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Webmethods Integration 10.15 | IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. | network, low complexity, ibm, CWE-434, critical, 9.9 |
| 2024-08-31 | CVE-2024-39747 | Unspecified vulnerability in IBM Sterling Connect Direct web Services | IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. | network, low complexity, ibm, critical, 9.8 |
| 2024-08-29 | CVE-2024-35133 | Open Redirect vulnerability in IBM products | IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. | network, low complexity, ibm, CWE-601, 8.2 |
| 2024-08-29 | CVE-2024-35118 | Use of Hard-coded Credentials vulnerability in IBM Maas360 MDM | IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. | low complexity, ibm, CWE-798, 4.6 |
| 2024-08-24 | CVE-2022-43915 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM APP Connect Enterprise Certified Container | IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. | network, low complexity, ibm, CWE-732, 8.1 |