Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2024-03-15 CVE-2023-47147 External Control of File Name or Path vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions.
network
low complexity
ibm CWE-73
5.3
5.3
2024-03-15 CVE-2023-47699 Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2024-03-15 CVE-2023-46179 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-614
4.3
4.3
2024-03-15 CVE-2023-46182 Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2024-03-15 CVE-2023-47162 Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2024-03-14 CVE-2024-22346 Unspecified vulnerability in IBM I
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call.
local
low complexity
ibm
7.8
7.8
2024-03-14 CVE-2024-27265 Cross-Site Request Forgery (CSRF) vulnerability in IBM Integration BUS 10.1
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
6.5
6.5
2024-03-14 CVE-2024-27266 XXE vulnerability in IBM Maximo Application Suite 7.6.1.3
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
8.2
2024-03-01 CVE-2023-28525 Cross-site Scripting vulnerability in IBM products
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.8
4.8
2024-03-01 CVE-2023-28949 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
6.5
6.5