Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-02 | CVE-2023-47143 | Improper Encoding or Escaping of Output vulnerability in IBM Tivoli Application Dependency Discovery Manager. IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 9.8 |
2024-02-02 | CVE-2023-47144 | Cross-site Scripting vulnerability in IBM Tivoli Application Dependency Discovery Manager. IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. | 6.1 |
2024-02-02 | CVE-2023-47148 | Missing Authorization vulnerability in IBM Spectrum Protect Plus. IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. | 7.5 |
2024-02-02 | CVE-2022-40744 | Cross-site Scripting vulnerability in IBM Aspera Faspex. IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. | 5.4 |
2024-02-02 | CVE-2023-38019 | Path Traversal vulnerability in IBM Soar Qradar Plugin APP. IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. | 6.5 |
2024-02-02 | CVE-2023-38020 | Improper Output Neutralization for Logs vulnerability in IBM Soar Qradar Plugin APP. IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. | 4.3 |
2024-02-02 | CVE-2023-38263 | Improper Access Control vulnerability in IBM Soar Qradar Plugin APP. IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. | 8.8 |
2024-02-02 | CVE-2023-46159 | Improper Input Validation vulnerability in IBM Storage Ceph 5.3Z1/5.3Z5/6.1Z1. IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. | 6.5 |
2024-02-02 | CVE-2024-22319 | Injection vulnerability in IBM Operational Decision Manager. IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. | 9.8 |
2024-02-02 | CVE-2024-22320 | Deserialization of Untrusted Data vulnerability in IBM Operational Decision Manager. IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. | 8.8 |