Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-43018 Improper Privilege Management vulnerability in IBM Cics TX 10.1/11.1
IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
network
low complexity
ibm CWE-269
7.5
2023-10-29 CVE-2023-40685 Improper Privilege Management vulnerability in IBM I
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability.
local
low complexity
ibm CWE-269
7.8
2023-10-29 CVE-2023-40686 Improper Privilege Management vulnerability in IBM I
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability.
local
low complexity
ibm CWE-269
7.8
2023-10-23 CVE-2023-33837 Unspecified vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission.
network
low complexity
ibm
7.5
2023-10-23 CVE-2023-33839 OS Command Injection vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
8.8
2023-10-23 CVE-2023-43045 Missing Authentication for Critical Function vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.2
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication.
network
low complexity
ibm CWE-306
7.5
2023-10-22 CVE-2023-38276 Cleartext Transmission of Sensitive Information vulnerability in IBM Cognos Dashboards on Cloud PAK for Data 4.7.0
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system.
network
low complexity
ibm CWE-319
7.5
2023-10-22 CVE-2023-38275 Cleartext Transmission of Sensitive Information vulnerability in IBM Cognos Dashboards on Cloud PAK for Data 4.7.0
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system.
network
low complexity
ibm CWE-319
7.5
2023-10-17 CVE-2021-29913 Improper Input Validation vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premise 11.5 could allow an authenticated user to obtain sensitive information or perform unauthorized actions due to improper input validation.
network
low complexity
ibm CWE-20
7.1
2023-10-17 CVE-2022-22375 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-434
8.8