Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-06 | CVE-2023-43058 | Unspecified vulnerability in IBM products IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. | 9.8 |
| 2023-10-04 | CVE-2023-37404 | Unspecified vulnerability in IBM Observability With Instana 1.0.243/1.0.254 IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. | 9.8 |
| 2023-09-08 | CVE-2022-33164 | Path Traversal vulnerability in IBM Security Directory Server 7.2.0 IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. | 9.1 |
| 2023-09-05 | CVE-2023-35892 | XXE vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2023-08-28 | CVE-2023-26270 | Cross-site Scripting vulnerability in IBM Guardium Cloud KEY Manager IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. | 9.8 |
| 2023-08-22 | CVE-2023-38734 | Improper Privilege Management vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. | 9.8 |
| 2023-08-02 | CVE-2022-40609 | Deserialization of Untrusted Data vulnerability in IBM SDK IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. | 9.8 |
| 2023-07-04 | CVE-2023-30990 | Code Injection vulnerability in IBM I IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. | 9.8 |
| 2023-06-28 | CVE-2023-27866 | Code Injection vulnerability in IBM Informix Jdbc Driver 4.10 IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. | 9.8 |
| 2023-06-08 | CVE-2023-23482 | Unspecified vulnerability in IBM Sterling Partner Engagement Manager IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. | 9.6 |