Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-15 CVE-2023-25683 Unspecified vulnerability in IBM Powervm Hypervisor
IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC.
network
low complexity
ibm
7.5
2023-06-05 CVE-2023-0041 Insufficient Session Expiration vulnerability in IBM Security Guardium 11.5
IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration.
network
low complexity
ibm CWE-613
8.8
2023-06-05 CVE-2023-22862 Unspecified vulnerability in IBM Aspera Cargo and Aspera Connect
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
network
low complexity
ibm
7.5
2023-06-05 CVE-2023-27285 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Aspera Cargo and Aspera Connect
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking.
local
low complexity
ibm CWE-119
7.8
2023-05-31 CVE-2023-26278 Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1
IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local authenticated attacker to gain elevated privileges on the system.
local
low complexity
ibm
7.8
2023-05-31 CVE-2023-26277 Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1
IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges.
local
low complexity
ibm
7.8
2023-05-30 CVE-2023-32342 Information Exposure Through Discrepancy vulnerability in IBM Http Server
IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation.
network
low complexity
ibm CWE-203
7.5
2023-05-23 CVE-2023-30440 Unspecified vulnerability in IBM Powervm Hypervisor
IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption.
local
low complexity
ibm
7.9
2023-05-17 CVE-2023-30438 Unspecified vulnerability in IBM Powervm Hypervisor
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server.
local
low complexity
ibm
8.8
2023-05-12 CVE-2023-25927 Unspecified vulnerability in IBM Security Verify Access
IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system.
network
low complexity
ibm
7.5