Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-10 | CVE-2023-27867 | Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. | 8.8 |
| 2023-07-10 | CVE-2023-27868 | Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. | 8.8 |
| 2023-07-10 | CVE-2023-27869 | Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. | 8.8 |
| 2023-07-10 | CVE-2023-28953 | Unspecified vulnerability in IBM Cognos Analytics Cartridge for IBM Cloud PAK for Data 4.0 IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. | 4.3 |
| 2023-07-10 | CVE-2023-28955 | Unspecified vulnerability in IBM Watson Knowledge Catalog on Cloud PAK for Data 4.0/4.5.0/4.5.3 IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. | 6.5 |
| 2023-07-10 | CVE-2023-28958 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Watson Knowledge Catalog on Cloud PAK for Data 4.0 IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. | 7.8 |
| 2023-07-10 | CVE-2023-29256 | Improper Privilege Management vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. | 6.5 |
| 2023-07-10 | CVE-2023-30431 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. | 7.8 |
| 2023-07-10 | CVE-2023-30442 | Unspecified vulnerability in IBM DB2 11.1.4.7/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. | 7.5 |
| 2023-07-10 | CVE-2023-30445 | Unspecified vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. | 7.5 |