Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-29 | CVE-2023-35907 | Weak Password Requirements vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
| 2025-01-29 | CVE-2023-37398 | Weak Password Requirements vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
| 2025-01-28 | CVE-2023-50316 | SQL Injection vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. | 9.8 |
| 2025-01-20 | CVE-2024-45647 | Unspecified vulnerability in IBM products IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password. | 9.8 |
| 2024-12-25 | CVE-2024-39727 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. | 9.8 |
| 2024-12-03 | CVE-2024-25020 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. | 9.8 |
| 2024-12-03 | CVE-2024-25019 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. | 9.8 |
| 2024-12-03 | CVE-2024-40691 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. | 9.8 |
| 2024-11-29 | CVE-2024-49805 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2024-11-29 | CVE-2024-49806 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |