Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-02-07 CVE-2023-32330 Improper Certificate Validation vulnerability in IBM Security Verify Access
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server.
network
low complexity
ibm CWE-295
critical
9.8
2024-02-07 CVE-2023-32328 Cleartext Transmission of Sensitive Information vulnerability in IBM Security Verify Access
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server.
network
low complexity
ibm CWE-319
critical
9.8
2024-02-03 CVE-2023-31004 Man-in-the-Middle vulnerability in IBM products
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques.
network
high complexity
ibm CWE-300
critical
9.0
2024-02-02 CVE-2023-47143 Improper Encoding or Escaping of Output vulnerability in IBM Tivoli Application Dependency Discovery Manager
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-116
critical
9.8
2024-02-02 CVE-2024-22319 Injection vulnerability in IBM Operational Decision Manager
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API.
network
low complexity
ibm CWE-74
critical
9.8
2024-02-02 CVE-2023-32333 Improper Access Control vulnerability in IBM Maximo Asset Management 7.6.1.3
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls.
network
low complexity
ibm CWE-284
critical
9.8
2024-02-02 CVE-2023-50940 Incorrect Comparison vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
network
low complexity
ibm CWE-697
critical
9.8
2024-01-26 CVE-2024-23622 Out-of-bounds Write vulnerability in IBM Merge Efilm Workstation 4.2
A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server.
network
low complexity
ibm CWE-787
critical
9.8
2024-01-26 CVE-2024-23621 Classic Buffer Overflow vulnerability in IBM Merge Efilm Workstation 4.2
A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server.
network
low complexity
ibm CWE-120
critical
9.8
2024-01-26 CVE-2024-23619 Use of Hard-coded Credentials vulnerability in IBM Merge Efilm Workstation 4.2
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation.
network
low complexity
ibm CWE-798
critical
9.8