Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-23 | CVE-2023-43045 | Missing Authentication for Critical Function vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.2 IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. | 7.5 |
| 2023-10-22 | CVE-2023-38276 | Cleartext Transmission of Sensitive Information vulnerability in IBM Cognos Dashboards on Cloud PAK for Data 4.7.0 IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. | 7.5 |
| 2023-10-22 | CVE-2023-38275 | Cleartext Transmission of Sensitive Information vulnerability in IBM Cognos Dashboards on Cloud PAK for Data 4.7.0 IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. | 7.5 |
| 2023-10-17 | CVE-2021-29913 | Improper Input Validation vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premise 11.5 could allow an authenticated user to obtain sensitive information or perform unauthorized actions due to improper input validation. | 7.1 |
| 2023-10-17 | CVE-2022-22375 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2023-10-17 | CVE-2022-22385 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information to an attacked due to the transmission of data in clear text. | 7.5 |
| 2023-10-17 | CVE-2023-40372 | Unspecified vulnerability in IBM DB2 11.5/11.5.5.0/11.5.6 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. | 7.5 |
| 2023-10-17 | CVE-2023-40373 | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. | 7.5 |
| 2023-10-16 | CVE-2023-30991 | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. | 7.5 |
| 2023-10-16 | CVE-2023-40374 | Unspecified vulnerability in IBM DB2 11.5/11.5.5.0/11.5.6 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. | 7.5 |