Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-10 | CVE-2020-5002 | Improper Input Validation vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. | 8.8 |
| 2023-03-10 | CVE-2022-43902 | Unspecified vulnerability in IBM MQ Appliance IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. | 7.5 |
| 2023-03-10 | CVE-2023-24975 | Improper Input Validation vulnerability in IBM Spectrum Symphony 7.3.0 IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.1 |
| 2023-03-03 | CVE-2023-27290 | Unspecified vulnerability in IBM Observability With Instana Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. | 9.1 |
| 2023-03-02 | CVE-2022-35645 | Unspecified vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. | 5.4 |
| 2023-03-01 | CVE-2020-5001 | Path Traversal vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2023-03-01 | CVE-2020-5026 | Unspecified vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 7.5 |
| 2023-03-01 | CVE-2023-26281 | Unspecified vulnerability in IBM Http Server 8.5.0.0 IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. | 7.5 |
| 2023-02-27 | CVE-2022-40237 | Unspecified vulnerability in IBM MQ for HPE Nonstop 8.1.0 IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. | 7.5 |
| 2023-02-27 | CVE-2023-22860 | Unspecified vulnerability in IBM Cloud PAK for Business Automation IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. | 5.4 |