Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2023-03-22 CVE-2023-25924 Incorrect Authorization vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization.
network
low complexity
ibm CWE-863
8.8
2023-03-21 CVE-2023-25923 Incorrect Authorization vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization.
network
low complexity
ibm CWE-863
7.5
2023-03-21 CVE-2023-27871 SQL Injection vulnerability in IBM Aspera Faspex 4.4.1/4.4.2
IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query.
network
low complexity
ibm CWE-89
7.5
2023-03-21 CVE-2023-27874 XXE vulnerability in IBM Aspera Faspex 4.4.1/4.4.2
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.8
2023-03-16 CVE-2023-27875 Unspecified vulnerability in IBM Aspera Faspex 5.0.4
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls.
network
low complexity
ibm
7.5
2023-03-15 CVE-2020-4927 Unspecified vulnerability in IBM Spectrum Scale
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol.
network
low complexity
ibm
8.2
2023-03-15 CVE-2023-26284 Unspecified vulnerability in IBM MQ Certified Container
IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls.
network
low complexity
ibm
8.8
2023-03-10 CVE-2020-5002 Improper Input Validation vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation.
network
low complexity
ibm CWE-20
8.8
2023-03-10 CVE-2022-43902 Unspecified vulnerability in IBM MQ Appliance
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages.
network
low complexity
ibm
7.5
2023-03-01 CVE-2020-5001 Path Traversal vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5