Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-14 CVE-2023-35024 Cross-site Scripting vulnerability in IBM Cloud Pak for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
7.6
2023-10-14 CVE-2022-33165 Path Traversal vulnerability in IBM Security Directory Integrator 7.2.0
IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2023-10-06 CVE-2022-33160 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Directory Suite VA 8.0.1
IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2023-10-06 CVE-2023-35897 Uncontrolled Search Path Element vulnerability in IBM Storage Protect and Storage Protect Client
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw.
local
low complexity
ibm CWE-427
7.8
2023-10-04 CVE-2022-22447 Unspecified vulnerability in IBM Disconnected Log Collector 1.0/1.8.2
IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information.
network
low complexity
ibm
7.5
2023-09-28 CVE-2023-40375 Improper Privilege Management vulnerability in IBM i
Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability.
local
low complexity
ibm CWE-269
7.8
2023-09-28 CVE-2023-43044 Path Traversal vulnerability in IBM License Metric Tool
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2023-09-20 CVE-2023-37410 Unspecified vulnerability in IBM Personal Communications 14.0.5/14.0.6/15.0.0
IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls.
local
low complexity
ibm
7.8
2023-09-08 CVE-2022-22401 Missing Encryption of Sensitive Data vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information.
network
low complexity
ibm CWE-311
7.5
2023-09-08 CVE-2023-30995 Incorrect Authorization vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request.
network
low complexity
ibm CWE-863
7.5