Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-19 CVE-2021-38933 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Connect:Express for Unix 1.5.0
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2023-07-19 CVE-2023-26023 Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Data 4.0
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks.
network
low complexity
ibm CWE-532
7.5
2023-07-19 CVE-2023-26026 Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Data 4.0
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks.
network
low complexity
ibm CWE-532
7.5
2023-07-19 CVE-2023-27877 Improper Authentication vulnerability in IBM Cloud PAK for Data 4.0
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server.
network
low complexity
ibm CWE-287
7.5
2023-07-19 CVE-2023-28513 Unspecified vulnerability in IBM MQ and MQ Appliance
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages.
network
low complexity
ibm
7.5
2023-07-16 CVE-2023-30988 Unspecified vulnerability in IBM I
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability.
local
low complexity
ibm
7.8
2023-07-16 CVE-2023-30989 Unspecified vulnerability in IBM I
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability.
local
low complexity
ibm
7.8
2023-07-10 CVE-2023-27540 Allocation of Resources Without Limits or Throttling vulnerability in IBM Cloud PAK for Data and Watson Cp4D Data Stores
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service.
network
low complexity
ibm CWE-770
7.5
2023-07-10 CVE-2023-27558 Improper Privilege Management vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path.
local
low complexity
ibm CWE-269
7.8
2023-07-10 CVE-2023-27867 Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection.
network
low complexity
ibm CWE-94
8.8