Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-08 CVE-2023-38736 Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1/10.1.6
IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions.
local
low complexity
ibm
7.8
2023-09-05 CVE-2023-35906 Unspecified vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls.
network
low complexity
ibm
7.5
2023-08-31 CVE-2023-33835 Information Exposure Through an Error Message vulnerability in IBM Security Verify Information Queue 10.0.4/10.0.5
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system.
network
low complexity
ibm CWE-209
7.5
2023-08-28 CVE-2023-22877 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection.
network
low complexity
ibm CWE-1236
8.8
2023-08-28 CVE-2023-23473 Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2023-08-28 CVE-2023-24959 Unspecified vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration.
network
low complexity
ibm
7.5
2023-08-28 CVE-2023-26271 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Guardium Cloud KEY Manager
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2023-08-28 CVE-2022-43904 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium 11.3/11.4
IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts.
network
low complexity
ibm CWE-307
7.5
2023-08-27 CVE-2022-43907 OS Command Injection vulnerability in IBM Security Guardium 11.4
IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
8.8
2023-08-27 CVE-2023-38730 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Storage Copy Data Management
IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5