Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-23 | CVE-2023-50310 | Insufficiently Protected Credentials vulnerability in IBM Cics Transaction Gateway 9.2/9.3 IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | 7.5 |
| 2024-10-16 | CVE-2024-49340 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Watson Studio Local 1.2.3 IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2024-10-15 | CVE-2024-45085 | Improper Check for Unusual or Exceptional Conditions vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. | 7.5 |
| 2024-09-25 | CVE-2021-38963 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. | 8.0 |
| 2024-09-25 | CVE-2022-43845 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 7.5 |
| 2024-09-07 | CVE-2024-37068 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Maximo Application Suite 8.10/8.11/9.0 IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques. | 7.5 |
| 2024-09-05 | CVE-2024-45097 | Interpretation Conflict vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | 7.1 |
| 2024-09-05 | CVE-2024-45098 | Unspecified vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | 8.1 |
| 2024-09-04 | CVE-2024-45075 | Unspecified vulnerability in IBM Webmethods Integration 10.15 IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication. | 8.8 |
| 2024-08-29 | CVE-2024-35133 | Open Redirect vulnerability in IBM products IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. | 8.2 |