Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2024-03-31 CVE-2024-22353 Allocation of Resources Without Limits or Throttling vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request.
network
low complexity
ibm CWE-770
7.5
2024-03-14 CVE-2024-22346 Unspecified vulnerability in IBM I
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call.
local
low complexity
ibm
7.8
2024-03-14 CVE-2024-27266 XXE vulnerability in IBM Maximo Application Suite 7.6.1.3
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2024-02-12 CVE-2022-34309 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cics TX 11.1
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2024-02-10 CVE-2023-50957 Improper Privilege Management vulnerability in IBM Storage Defender Resiliency Service 2.0
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage.
network
low complexity
ibm CWE-269
7.2
2024-02-10 CVE-2024-22313 Use of Hard-coded Credentials vulnerability in IBM Storage Defender Resiliency Service 2.0
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
local
low complexity
ibm CWE-798
7.8
2024-02-10 CVE-2024-22361 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Semeru Runtime
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2024-02-09 CVE-2023-45187 Insufficient Session Expiration vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
8.8
2024-02-09 CVE-2023-45191 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2024-02-07 CVE-2023-38369 Weak Password Requirements vulnerability in IBM Security Access Manager Container
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5