Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-01-20 CVE-2024-45647 Unspecified vulnerability in IBM products
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.
network
low complexity
ibm
critical
 9.8
9.8
2024-12-25 CVE-2024-39727 Unspecified vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site.
network
low complexity
ibm
critical
 9.8
9.8
2024-12-03 CVE-2024-25020 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Controller 11.0.0/11.0.1
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page.
network
low complexity
ibm CWE-434
critical
 9.8
9.8
2024-12-03 CVE-2024-25019 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Controller 11.0.0/11.0.1
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments.
network
low complexity
ibm CWE-434
critical
 9.8
9.8
2024-12-03 CVE-2024-40691 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Controller 11.0.0/11.0.1
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.
network
low complexity
ibm CWE-434
critical
 9.8
9.8
2024-11-29 CVE-2024-49805 Use of Hard-coded Credentials vulnerability in IBM Security Verify Access
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
 9.8
9.8
2024-11-29 CVE-2024-49806 Use of Hard-coded Credentials vulnerability in IBM Security Verify Access
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
 9.8
9.8
2024-10-22 CVE-2024-43177 Improper Certificate Validation vulnerability in IBM Concert 1.0.0/1.0.1
IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.
network
low complexity
ibm CWE-295
critical
 9.8
9.8
2024-09-04 CVE-2024-45076 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Webmethods Integration 10.15
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.
network
low complexity
ibm CWE-434
critical
 9.9
9.9
2024-08-31 CVE-2024-39747 Unspecified vulnerability in IBM Sterling Connect Direct web Services
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
network
low complexity
ibm
critical
 9.8
9.8