Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2023-42016 Cleartext Transmission of Sensitive Information vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-319
4.3
2024-02-09 CVE-2023-45187 Unspecified vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm
8.8
2024-02-09 CVE-2023-45190 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-307
6.1
2024-02-09 CVE-2023-45191 Unspecified vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm
7.5
2024-02-09 CVE-2024-22318 Session Fixation vulnerability in IBM I Access Client Solutions
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server.
local
low complexity
ibm CWE-384
5.5
2024-02-09 CVE-2024-22332 Unspecified vulnerability in IBM Integration BUS 10.1/10.1.0.2
The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion.
network
low complexity
ibm
6.5
2024-02-07 CVE-2023-31002 Cleartext Storage of Sensitive Information vulnerability in IBM Security Access Manager Container
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user.
local
low complexity
ibm CWE-312
5.5
2024-02-07 CVE-2023-32328 Unspecified vulnerability in IBM Security Verify Access
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server.
network
low complexity
ibm
critical
9.8
2024-02-07 CVE-2023-32330 Improper Certificate Validation vulnerability in IBM Security Verify Access
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server.
network
low complexity
ibm CWE-295
critical
9.8
2024-02-07 CVE-2023-38369 Unspecified vulnerability in IBM Security Access Manager Container
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm
7.5