Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-03 | CVE-2023-38724 | Unspecified vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. | 9.8 |
| 2024-03-21 | CVE-2023-35899 | Unspecified vulnerability in IBM Cloud PAK for Business Automation IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. | 9.8 |
| 2024-03-07 | CVE-2023-46172 | Unspecified vulnerability in IBM Ds8900F Firmware IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow a remote attacker to bypass authentication restrictions for authorized user. | 9.8 |
| 2024-02-23 | CVE-2022-43842 | Unspecified vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. | 9.1 |
| 2024-02-17 | CVE-2022-42443 | Unspecified vulnerability in IBM products An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. | 9.8 |
| 2024-02-07 | CVE-2023-32328 | Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. | 9.8 |
| 2024-02-07 | CVE-2023-32330 | Improper Certificate Validation vulnerability in IBM Security Verify Access IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. | 9.8 |
| 2024-02-03 | CVE-2023-31004 | Unspecified vulnerability in IBM products IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. | 9.0 |
| 2024-02-02 | CVE-2023-47143 | Improper Encoding or Escaping of Output vulnerability in IBM Tivoli Application Dependency Discovery Manager IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 9.8 |
| 2024-02-02 | CVE-2024-22319 | Unspecified vulnerability in IBM Operational Decision Manager IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. | 9.8 |