Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-14 | CVE-2023-35024 | Cross-site Scripting vulnerability in IBM Cloud PAK for Business Automation IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. | 7.6 |
2023-10-14 | CVE-2022-33165 | Path Traversal vulnerability in IBM Security Directory Integrator 7.2.0 IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. | 7.5 |
2023-10-06 | CVE-2022-33160 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Directory Suite VA 8.0.1 IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2023-10-06 | CVE-2023-35897 | Uncontrolled Search Path Element vulnerability in IBM Storage Protect and Storage Protect Client IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. | 7.8 |
2023-10-04 | CVE-2022-22447 | Unspecified vulnerability in IBM Disconnected LOG Collector 1.0/1.8.2 IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. | 7.5 |
2023-09-28 | CVE-2023-40375 | Improper Privilege Management vulnerability in IBM I Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. | 7.8 |
2023-09-28 | CVE-2023-43044 | Path Traversal vulnerability in IBM License Metric Tool IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. | 7.5 |
2023-09-20 | CVE-2023-37410 | Unspecified vulnerability in IBM Person Communications 14.0.5/14.0.6/15.0.0 IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. | 7.8 |
2023-09-08 | CVE-2022-22401 | Missing Encryption of Sensitive Data vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. | 7.5 |
2023-09-08 | CVE-2023-30995 | Incorrect Authorization vulnerability in IBM Aspera Faspex IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. | 7.5 |