Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-07 | CVE-2024-37068 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Maximo Application Suite 8.10/8.11/9.0 IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques. | 7.5 |
2024-09-05 | CVE-2024-45097 | Interpretation Conflict vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | 7.1 |
2024-09-05 | CVE-2024-45098 | Unspecified vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | 8.1 |
2024-09-04 | CVE-2024-45075 | Unspecified vulnerability in IBM Webmethods Integration 10.15 IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication. | 8.8 |
2024-08-29 | CVE-2024-35133 | Open Redirect vulnerability in IBM products IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. | 8.2 |
2024-08-24 | CVE-2022-43915 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM APP Connect Enterprise Certified Container IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. | 8.1 |
2024-08-22 | CVE-2024-39745 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Connect Direct web Services IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2024-08-14 | CVE-2023-50314 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. | 7.5 |
2024-08-14 | CVE-2024-28799 | Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the unexpected disclosure of this information. | 7.5 |
2024-08-13 | CVE-2024-35124 | Missing Authentication for Critical Function vulnerability in IBM Openbmc A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. | 7.5 |