Vulnerabilities > IBM > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-02 | CVE-2023-32333 | Unspecified vulnerability in IBM Maximo Asset Management 7.6.1.3: IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. | 9.8 |
2024-02-02 | CVE-2023-50940 | Incorrect Comparison vulnerability in IBM PowerSC 1.3/2.0/2.1: IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. | 9.8 |
2024-01-26 | CVE-2024-23619 | Use of Hard-coded Credentials vulnerability in IBM Merge eFilm Workstation 4.2: A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. | 9.8 |
2024-01-26 | CVE-2024-23621 | Classic Buffer Overflow vulnerability in IBM Merge eFilm Workstation 4.2: A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. | 9.8 |
2024-01-26 | CVE-2024-23622 | Out-of-bounds Write vulnerability in IBM Merge eFilm Workstation 4.2: A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. | 9.8 |
2024-01-18 | CVE-2024-22317 | Unspecified vulnerability in IBM App Connect Enterprise: IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. | 9.1 |
2024-01-08 | CVE-2023-50948 | Use of Hard-coded Credentials vulnerability in IBM Storage Fusion HCI 2.1.0/2.6.1: IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
2023-12-22 | CVE-2023-42017 | Unspecified vulnerability in IBM Planning Analytics 2.0: IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. | 9.8 |
2023-12-20 | CVE-2023-35895 | Injection vulnerability in IBM Informix JDBC 4.10/4.50: IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. | 9.8 |
2023-12-20 | CVE-2023-47702 | Unspecified vulnerability in IBM Security Guardium Key Lifecycle Manager 4.2.0: IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. | 9.1 |