Vulnerabilities > IBM > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-12-14 | CVE-2023-45185 | Unspecified vulnerability in IBM i Access Client Solutions | IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. | network | low complexity | ibm | | 8.8 |
| 2023-12-14 | CVE-2023-45184 | Insecure Storage of Sensitive Information vulnerability in IBM i Access Client Solutions | IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. | network | low complexity | ibm | CWE-922 | 7.5 |
| 2023-12-14 | CVE-2022-43843 | Unspecified vulnerability in IBM Spectrum Scale 5.1.5.0/5.1.5.1 | IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network | low complexity | ibm | | 7.5 |
| 2023-12-14 | CVE-2023-43042 | Unspecified vulnerability in IBM Storage Virtualize 8.3 | IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. | network | low complexity | ibm | | 7.5 |
| 2023-12-13 | CVE-2023-45166 | Unspecified vulnerability in IBM AIX and VIOS | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. | local | low complexity | ibm | | 7.8 |
| 2023-12-13 | CVE-2023-45170 | Unspecified vulnerability in IBM AIX and VIOS | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. | local | low complexity | ibm | | 7.8 |
| 2023-12-13 | CVE-2023-45174 | Unspecified vulnerability in IBM AIX and VIOS | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. | local | low complexity | ibm | | 7.8 |
| 2023-12-09 | CVE-2023-28523 | Out-of-bounds Write vulnerability in IBM products | IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. | local | low complexity | ibm | CWE-787 | 7.8 |
| 2023-12-04 | CVE-2023-29258 | Unspecified vulnerability in IBM Db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. | network | low complexity | ibm | | 7.5 |
| 2023-12-04 | CVE-2023-38727 | Unspecified vulnerability in IBM Db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. | network | low complexity | ibm | | 7.5 |