Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-16 | CVE-2023-38737 | Resource Exhaustion vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. | 7.5 |
| 2023-08-14 | CVE-2023-38721 | Unspecified vulnerability in IBM I The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. | 7.8 |
| 2023-08-14 | CVE-2023-38741 | Unspecified vulnerability in IBM Txseries for Multiplatform 8.1/8.2/9.1 IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. | 7.5 |
| 2023-07-31 | CVE-2022-43831 | Unspecified vulnerability in IBM Spectrum Scale Container Native Storage Access 5.1.2.1/5.1.4.1/5.1.6.0 IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. | 7.8 |
| 2023-07-31 | CVE-2023-35019 | OS Command Injection vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2023-07-19 | CVE-2022-43910 | Improper Preservation of Permissions vulnerability in IBM Security Guardium 11.3 IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls. | 7.8 |
| 2023-07-19 | CVE-2021-38933 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Connect:Express for Unix 1.5.0 IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2023-07-19 | CVE-2023-26023 | Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Data 4.0 Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. | 7.5 |
| 2023-07-19 | CVE-2023-26026 | Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Data 4.0 Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. | 7.5 |
| 2023-07-19 | CVE-2023-27877 | Improper Authentication vulnerability in IBM Cloud PAK for Data 4.0 IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. | 7.5 |