Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-15 | CVE-2022-33163 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Directory Suite VA 8.0.1 IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 8.1 |
| 2023-06-15 | CVE-2022-33168 | Resource Exhaustion vulnerability in IBM Security Directory Suite VA 8.0.1 IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. | 7.5 |
| 2023-06-15 | CVE-2022-22307 | Incorrect Authorization vulnerability in IBM Security Guardium 11.3/11.4/11.5 IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. | 7.8 |
| 2023-06-15 | CVE-2023-25683 | Unspecified vulnerability in IBM Powervm Hypervisor IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. | 7.5 |
| 2023-06-05 | CVE-2023-0041 | Insufficient Session Expiration vulnerability in IBM Security Guardium 11.5 IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. | 8.8 |
| 2023-06-05 | CVE-2023-22862 | Unspecified vulnerability in IBM Aspera Cargo and Aspera Connect IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | 7.5 |
| 2023-06-05 | CVE-2023-27285 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Aspera Cargo and Aspera Connect IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. | 7.8 |
| 2023-05-31 | CVE-2023-26278 | Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1 IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local authenticated attacker to gain elevated privileges on the system. | 7.8 |
| 2023-05-31 | CVE-2023-26277 | Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1 IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges. | 7.8 |
| 2023-05-30 | CVE-2023-32342 | Information Exposure Through Discrepancy vulnerability in IBM Http Server IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. | 7.5 |