Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-22 | CVE-2023-42017 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. | 9.8 |
| 2023-12-20 | CVE-2023-35895 | Injection vulnerability in IBM Informix Jdbc 4.10/4.50 IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. | 9.8 |
| 2023-12-20 | CVE-2023-47702 | Path Traversal vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.2.0 IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. | 9.1 |
| 2023-10-25 | CVE-2023-46158 | Insufficient Session Expiration vulnerability in IBM Websphere Application Server Liberty 23.0.0.10/23.0.0.9 IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. | 9.8 |
| 2023-10-23 | CVE-2022-22466 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2023-10-16 | CVE-2023-33836 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2023-10-14 | CVE-2022-32755 | XXE vulnerability in IBM products IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2023-10-06 | CVE-2023-43058 | Unspecified vulnerability in IBM products IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. | 9.8 |
| 2023-10-04 | CVE-2023-37404 | Unspecified vulnerability in IBM Observability With Instana 1.0.243/1.0.254 IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. | 9.8 |
| 2023-09-08 | CVE-2022-33164 | Path Traversal vulnerability in IBM Security Directory Server 7.2.0 IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. | 9.1 |