Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-28 | CVE-2023-40375 | Improper Privilege Management vulnerability in IBM I Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. | 7.8 |
| 2023-09-28 | CVE-2023-43044 | Path Traversal vulnerability in IBM License Metric Tool IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2023-09-20 | CVE-2023-37410 | Unspecified vulnerability in IBM Person Communications 14.0.5/14.0.6/15.0.0 IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. | 7.8 |
| 2023-09-08 | CVE-2022-22401 | Missing Encryption of Sensitive Data vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. | 7.5 |
| 2023-09-08 | CVE-2023-30995 | Incorrect Authorization vulnerability in IBM Aspera Faspex IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. | 7.5 |
| 2023-09-08 | CVE-2023-38736 | Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1/10.1.6 IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. | 7.8 |
| 2023-09-05 | CVE-2023-35906 | Unspecified vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. | 7.5 |
| 2023-08-31 | CVE-2023-33835 | Information Exposure Through an Error Message vulnerability in IBM Security Verify Information Queue 10.0.4/10.0.5 IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. | 7.5 |
| 2023-08-28 | CVE-2023-22877 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. | 8.8 |
| 2023-08-28 | CVE-2023-23473 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |