Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2025-01-24 | CVE-2024-25034 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0/2.1 | IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. | 8.8 |
2025-01-24 | CVE-2024-40693 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0/2.1 | IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. | 8.0 |
2025-01-22 | CVE-2024-31903 | Deserialization of Untrusted Data vulnerability in IBM Sterling B2B Integrator | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allows an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data. | 8.8 |
2025-01-17 | CVE-2024-52363 | Path Traversal vulnerability in IBM InfoSphere Information Server 11.7 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. | 7.5 |
2025-01-07 | CVE-2024-52367 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Concert Software | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. | 7.5 |
2025-01-04 | CVE-2024-41763 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 | IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2025-01-04 | CVE-2024-41766 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 | IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression. | 7.5 |
2025-01-04 | CVE-2024-41767 | SQL Injection vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 | IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. | 7.3 |
2024-12-30 | CVE-2024-54181 | OS Command Injection vulnerability in IBM WebSphere Automation 1.7.5 | IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. | 7.2 |
2024-12-19 | CVE-2024-35141 | Unspecified vulnerability in IBM Security Verify Access Docker | IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution with unnecessary privileges. | 7.8 |