Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-16 | CVE-2023-38280 | Improper Privilege Management vulnerability in IBM Hardware Management Console 10.1.1010.0/10.2.1030.0: IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. | 7.8 |
2023-10-16 | CVE-2023-33836 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1: IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
2023-10-16 | CVE-2023-40377 | Unspecified vulnerability in IBM i 7.2/7.3/7.4: Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. | 7.8 |
2023-10-16 | CVE-2023-35013 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Verify Governance 10.0/10.0.1: IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. | 4.4 |
2023-10-16 | CVE-2023-35018 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Governance 10.0/10.0.1: IBM Security Verify Governance 10.0 could allow a privileged user to upload arbitrary files due to improper file validation. | 7.2 |
2023-10-15 | CVE-2023-40378 | Unspecified vulnerability in IBM i: IBM Directory Server for IBM i contains a local privilege escalation vulnerability. | 7.8 |
2023-10-14 | CVE-2023-30994 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM QRadar Security Information and Event Manager 7.5.0: IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2023-10-14 | CVE-2023-40367 | Cross-site Scripting vulnerability in IBM QRadar Security Information and Event Manager 7.5.0: IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. | 5.4 |
2023-10-14 | CVE-2022-43740 | Resource Exhaustion vulnerability in IBM Security Verify Access OIDC Provider: IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. | 7.5 |
2023-10-14 | CVE-2022-43868 | Unspecified vulnerability in IBM Security Verify Access OIDC Provider: IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. | 5.3 |