Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-17 | CVE-2024-52363 | Path Traversal vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2025-01-07 | CVE-2024-52367 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. | 7.5 |
| 2025-01-04 | CVE-2024-41763 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2025-01-04 | CVE-2024-41766 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression. | 7.5 |
| 2025-01-04 | CVE-2024-41767 | SQL Injection vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. | 7.3 |
| 2024-12-30 | CVE-2024-54181 | OS Command Injection vulnerability in IBM Websphere Automation 1.7.5 IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. | 7.2 |
| 2024-12-19 | CVE-2024-35141 | Unspecified vulnerability in IBM Security Verify Access Docker IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. | 7.8 |
| 2024-12-17 | CVE-2024-49819 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Guardium KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. | 7.5 |
| 2024-12-07 | CVE-2024-47115 | OS Command Injection vulnerability in IBM AIX and Vios IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. | 7.8 |
| 2024-12-03 | CVE-2024-41775 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |