Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-07 CVE-2024-37068 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Maximo Application Suite 8.10/8.11/9.0
IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques.
network
low complexity
ibm CWE-327
7.5
2024-09-05 CVE-2024-45097 Interpretation Conflict vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
network
low complexity
ibm CWE-436
7.1
2024-09-05 CVE-2024-45098 Unspecified vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
network
low complexity
ibm
8.1
2024-09-04 CVE-2024-45075 Unspecified vulnerability in IBM Webmethods Integration 10.15
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.
network
low complexity
ibm
8.8
2024-08-29 CVE-2024-35133 Open Redirect vulnerability in IBM products
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
8.2
2024-08-24 CVE-2022-43915 Incorrect Permission Assignment for Critical Resource vulnerability in IBM APP Connect Enterprise Certified Container
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.
network
low complexity
ibm CWE-732
8.1
2024-08-22 CVE-2024-39745 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Connect Direct web Services
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2024-08-14 CVE-2023-50314 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks.
network
low complexity
ibm
7.5
2024-08-14 CVE-2024-28799 Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the unexpected disclosure of this information.
network
low complexity
ibm
7.5
2024-08-13 CVE-2024-35124 Missing Authentication for Critical Function vulnerability in IBM Openbmc
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC.
network
high complexity
ibm CWE-306
7.5