Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-12 | CVE-2023-25927 | Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. | 7.5 |
| 2023-05-12 | CVE-2023-28522 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM API Connect 10.0.0.0/10.0.1.0/10.0.1.1 IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. | 8.8 |
| 2023-05-11 | CVE-2023-27870 | Information Exposure vulnerability in IBM Spectrum Virtualize 8.5 IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. | 7.5 |
| 2023-05-06 | CVE-2022-22313 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Qradar Data Synchronization 1.0/3.0.1 IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2023-05-05 | CVE-2023-26285 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM MQ Appliance IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. | 7.5 |
| 2023-05-04 | CVE-2023-23470 | SQL Injection vulnerability in IBM I IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. | 7.2 |
| 2023-05-04 | CVE-2023-24958 | Unspecified vulnerability in IBM products A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. | 8.8 |
| 2023-04-29 | CVE-2023-30441 | Unspecified vulnerability in IBM products IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. | 7.5 |
| 2023-04-29 | CVE-2022-41736 | Unspecified vulnerability in IBM Spectrum Scale Container Native Storage Access 5.1.2.1/5.1.4.1/5.1.6.0 IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. | 7.8 |
| 2023-04-28 | CVE-2023-26021 | Improper Input Validation vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. | 7.5 |