Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-05 | CVE-2023-35892 | XXE vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2023-08-28 | CVE-2023-26270 | Cross-site Scripting vulnerability in IBM Guardium Cloud KEY Manager IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. | 9.8 |
| 2023-08-22 | CVE-2023-38734 | Improper Privilege Management vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. | 9.8 |
| 2023-08-02 | CVE-2022-40609 | Deserialization of Untrusted Data vulnerability in IBM SDK IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. | 9.8 |
| 2023-07-04 | CVE-2023-30990 | Code Injection vulnerability in IBM I IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. | 9.8 |
| 2023-06-28 | CVE-2023-27866 | Code Injection vulnerability in IBM Informix Jdbc Driver 4.10 IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. | 9.8 |
| 2023-06-08 | CVE-2023-23482 | Unspecified vulnerability in IBM Sterling Partner Engagement Manager IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. | 9.6 |
| 2023-05-22 | CVE-2023-32336 | Deserialization of Untrusted Data vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. | 9.8 |
| 2023-05-19 | CVE-2022-47984 | SQL Injection vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. | 9.8 |
| 2023-05-11 | CVE-2023-27554 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |