Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-20 | CVE-2023-37410 | Unspecified vulnerability in IBM Person Communications 14.0.5/14.0.6/15.0.0 IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. | 7.8 |
| 2023-09-08 | CVE-2022-22401 | Missing Encryption of Sensitive Data vulnerability in IBM Aspera Faspex 4.4.1/5.0.0 IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. | 7.5 |
| 2023-09-08 | CVE-2023-30995 | Incorrect Authorization vulnerability in IBM Aspera Faspex 4.4.1/5.0.0 IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. | 7.5 |
| 2023-09-08 | CVE-2023-38736 | Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1 IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. | 7.8 |
| 2023-09-05 | CVE-2023-35906 | Insufficient Verification of Data Authenticity vulnerability in IBM Aspera Faspex 4.4.1/5.0.0 IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. | 7.5 |
| 2023-08-31 | CVE-2023-33835 | Information Exposure Through an Error Message vulnerability in IBM Security Verify Information Queue 10.0.4/10.0.5 IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. | 7.5 |
| 2023-08-28 | CVE-2023-22877 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. | 8.8 |
| 2023-08-28 | CVE-2023-23473 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2023-08-28 | CVE-2023-24959 | Unspecified vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. | 7.5 |
| 2023-08-28 | CVE-2023-26271 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Guardium Cloud KEY Manager IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |