Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-05 | CVE-2024-45098 | Unspecified vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | 8.1 |
| 2024-09-04 | CVE-2024-45075 | Unspecified vulnerability in IBM Webmethods Integration 10.15 IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication. | 8.8 |
| 2024-08-29 | CVE-2024-35133 | Open Redirect vulnerability in IBM products IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. | 8.2 |
| 2024-08-24 | CVE-2022-43915 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM APP Connect Enterprise Certified Container IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. | 8.1 |
| 2024-08-22 | CVE-2024-39745 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Connect Direct web Services IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2024-08-14 | CVE-2023-50314 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. | 7.5 |
| 2024-08-14 | CVE-2024-28799 | Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the unexpected disclosure of this information. | 7.5 |
| 2024-08-13 | CVE-2024-35124 | Missing Authentication for Critical Function vulnerability in IBM Openbmc A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. | 7.5 |
| 2024-08-13 | CVE-2024-40697 | Weak Password Requirements vulnerability in IBM Common Licensing 9.0 IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2024-07-30 | CVE-2022-33167 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 7.5 |