Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-22 | CVE-2024-43177 | Improper Certificate Validation vulnerability in IBM Concert 1.0.0/1.0.1 IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | 9.8 |
| 2024-09-04 | CVE-2024-45076 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Webmethods Integration 10.15 IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. | 9.9 |
| 2024-08-31 | CVE-2024-39747 | Unspecified vulnerability in IBM Sterling Connect Direct web Services IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. | 9.8 |
| 2024-08-16 | CVE-2022-33162 | Unspecified vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user. | 9.8 |
| 2024-08-04 | CVE-2024-35143 | Missing Authentication for Critical Function vulnerability in IBM products IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. | 9.1 |
| 2024-07-26 | CVE-2024-40689 | SQL Injection vulnerability in IBM products IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. | 9.8 |
| 2024-07-15 | CVE-2024-39736 | Improper Encoding or Escaping of Output vulnerability in IBM Datacap and Datacap Navigator IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 9.8 |
| 2024-07-08 | CVE-2024-39742 | Incorrect Comparison vulnerability in IBM MQ Operator IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. | 9.8 |
| 2024-02-07 | CVE-2023-32328 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Verify Access IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. | 9.8 |
| 2024-02-07 | CVE-2023-32330 | Improper Certificate Validation vulnerability in IBM Security Verify Access IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. | 9.8 |