Vulnerabilities > IBM > High

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2025-01-17 | CVE-2024-52363 | Path Traversal vulnerability in IBM InfoSphere Information Server 11.7 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. | network; low complexity; ibm CWE-22; 7.5 |
| 2025-01-07 | CVE-2024-52367 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Concert Software | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. | network; low complexity; ibm CWE-497; 7.5 |
| 2025-01-04 | CVE-2024-41763 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 | IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network; low complexity; ibm CWE-327; 7.5 |
| 2025-01-04 | CVE-2024-41766 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 | IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression. | network; low complexity; ibm; 7.5 |
| 2025-01-04 | CVE-2024-41767 | SQL Injection vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 | IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. | network; low complexity; ibm CWE-89; 7.3 |
| 2024-12-30 | CVE-2024-54181 | OS Command Injection vulnerability in IBM WebSphere Automation 1.7.5 | IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. | network; low complexity; ibm CWE-78; 7.2 |
| 2024-12-19 | CVE-2024-35141 | Unspecified vulnerability in IBM Security Verify Access Docker | IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution with unnecessary privileges. | local; low complexity; ibm; 7.8 |
| 2024-12-17 | CVE-2024-49819 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Guardium Key Lifecycle Manager | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. | network; low complexity; ibm CWE-319; 7.5 |
| 2024-12-07 | CVE-2024-47115 | OS Command Injection vulnerability in IBM AIX and VIOS | IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. | local; low complexity; ibm CWE-78; 7.8 |
| 2024-12-03 | CVE-2024-41775 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cognos Controller 11.0.0/11.0.1 | IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network; low complexity; ibm CWE-327; 7.5 |