Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-15 | CVE-2022-22307 | Incorrect Authorization vulnerability in IBM Security Guardium 11.3/11.4/11.5 IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. | 7.8 |
| 2023-06-15 | CVE-2023-25683 | Unspecified vulnerability in IBM Powervm Hypervisor IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. | 7.5 |
| 2023-06-05 | CVE-2023-0041 | Insufficient Session Expiration vulnerability in IBM Security Guardium 11.5 IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. | 8.8 |
| 2023-06-05 | CVE-2023-22862 | Unprotected Transport of Credentials vulnerability in IBM Aspera Cargo and Aspera Connect IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | 7.5 |
| 2023-06-05 | CVE-2023-27285 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Aspera Cargo and Aspera Connect IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. | 7.8 |
| 2023-05-31 | CVE-2023-26278 | Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1 IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local authenticated attacker to gain elevated privileges on the system. | 7.8 |
| 2023-05-31 | CVE-2023-26277 | Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1 IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges. | 7.8 |
| 2023-05-30 | CVE-2023-32342 | Information Exposure Through Discrepancy vulnerability in IBM Http Server IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. | 7.5 |
| 2023-05-23 | CVE-2023-30440 | Improper Input Validation vulnerability in IBM Powervm Hypervisor IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. | 7.9 |
| 2023-05-17 | CVE-2023-30438 | Unspecified vulnerability in IBM Powervm Hypervisor An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. | 8.8 |