Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2023-07-19 CVE-2021-38933 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Connect:Express for Unix 1.5.0
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2023-07-19 CVE-2022-43908 Improper Input Validation vulnerability in IBM Security Guardium 11.3
IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation.
network
low complexity
ibm CWE-20
6.5
2023-07-19 CVE-2023-26023 Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Data 4.0
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs, which an attacker could use to conduct further attacks.
network
low complexity
ibm CWE-532
7.5
2023-07-19 CVE-2023-26026 Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Data 4.0
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs, which an attacker could use to conduct further attacks.
network
low complexity
ibm CWE-532
7.5
2023-07-19 CVE-2023-27877 Improper Authentication vulnerability in IBM Cloud PAK for Data 4.0
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server.
network
low complexity
ibm CWE-287
7.5
2023-07-19 CVE-2023-28513 Unspecified vulnerability in IBM MQ and MQ Appliance
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, are vulnerable to a denial of service attack caused by an error processing messages.
network
low complexity
ibm
7.5
2023-07-19 CVE-2023-29259 Unspecified vulnerability in IBM Sterling Connect:Express for Unix 1.5.0
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute.
network
low complexity
ibm
5.3
2023-07-19 CVE-2023-29260 Server-Side Request Forgery (SSRF) vulnerability in IBM Sterling Connect:Express for Unix 1.5.0
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
5.4
2023-07-19 CVE-2023-30433 Open Redirect vulnerability in IBM Security Verify Access 10.0.0
IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
5.4
2023-07-19 CVE-2023-33832 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in IBM products
IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to improper time-of-check to time-of-use functionality.
local
high complexity
ibm CWE-367
4.7