Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2024-02-12 CVE-2022-34311 Insufficiently Protected Credentials vulnerability in IBM Cics TX 11.1
IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials.
low complexity
ibm CWE-522
4.3
2024-02-10 CVE-2023-50957 Improper Privilege Management vulnerability in IBM Storage Defender Resiliency Service 2.0
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage.
network
low complexity
ibm CWE-269
7.2
2024-02-10 CVE-2024-22312 Insufficiently Protected Credentials vulnerability in IBM Storage Defender Resiliency Service 2.0
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2024-02-10 CVE-2024-22313 Use of Hard-coded Credentials vulnerability in IBM Storage Defender Resiliency Service 2.0
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
local
low complexity
ibm CWE-798
7.8
2024-02-10 CVE-2024-22361 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Semeru Runtime
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2024-02-09 CVE-2023-32341 Resource Exhaustion vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption.
network
low complexity
ibm CWE-400
6.5
2024-02-09 CVE-2023-42016 Cleartext Transmission of Sensitive Information vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-319
4.3
2024-02-09 CVE-2023-45187 Insufficient Session Expiration vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
8.8
2024-02-09 CVE-2023-45190 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-307
6.1
2024-02-09 CVE-2023-45191 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5