Vulnerabilities > IBM > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-20 | CVE-2023-47702 | Unspecified vulnerability in IBM Security Guardium Key Lifecycle Manager 4.2.0: IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. | 9.1 |
2023-10-25 | CVE-2023-46158 | Insufficient Session Expiration vulnerability in IBM WebSphere Application Server Liberty 23.0.0.10/23.0.0.9: IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. | 9.8 |
2023-10-23 | CVE-2022-22466 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1: IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
2023-10-16 | CVE-2023-33836 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1: IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
2023-10-14 | CVE-2022-32755 | XXE vulnerability in IBM products: IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2023-10-06 | CVE-2023-43058 | Unspecified vulnerability in IBM products: IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. | 9.8 |
2023-10-04 | CVE-2023-37404 | Unspecified vulnerability in IBM Observability with Instana 1.0.243/1.0.254: IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. | 9.8 |
2023-09-08 | CVE-2022-33164 | Path Traversal vulnerability in IBM Security Directory Server 7.2.0: IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. | 9.1 |
2023-09-05 | CVE-2023-35892 | XXE vulnerability in IBM Financial Transaction Manager 3.2.4: IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2023-08-28 | CVE-2023-26270 | Cross-site Scripting vulnerability in IBM Guardium Cloud Key Manager: IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to execute arbitrary code on the system, caused by an Angular template injection flaw. | 9.8 |