Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-28 | CVE-2023-23473 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2023-08-28 | CVE-2023-24959 | Unspecified vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. | 7.5 |
| 2023-08-28 | CVE-2023-26270 | Cross-site Scripting vulnerability in IBM Guardium Cloud KEY Manager IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. | 9.8 |
| 2023-08-28 | CVE-2023-26271 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Guardium Cloud KEY Manager IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2023-08-28 | CVE-2023-26272 | Information Exposure Through an Error Message vulnerability in IBM Guardium Cloud KEY Manager IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2023-08-28 | CVE-2022-43904 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium 11.3/11.4 IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. | 7.5 |
| 2023-08-27 | CVE-2022-43907 | OS Command Injection vulnerability in IBM Security Guardium 11.4 IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2023-08-27 | CVE-2022-43909 | Cross-site Scripting vulnerability in IBM Security Guardium 11.4 IBM Security Guardium 11.4 is vulnerable to cross-site scripting. | 5.4 |
| 2023-08-27 | CVE-2023-30435 | Cross-site Scripting vulnerability in IBM Security Guardium 11.3/11.4/11.5 IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. | 5.4 |
| 2023-08-27 | CVE-2023-30436 | Cross-site Scripting vulnerability in IBM Security Guardium 11.3/11.4/11.5 IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. | 5.4 |