Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-23 | CVE-2023-30440 | Unspecified vulnerability in IBM Powervm Hypervisor IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. | 7.9 |
| 2023-05-17 | CVE-2023-30438 | Unspecified vulnerability in IBM Powervm Hypervisor An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. | 8.8 |
| 2023-05-12 | CVE-2023-25927 | Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. | 7.5 |
| 2023-05-12 | CVE-2023-28522 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM API Connect 10.0.0.0/10.0.1.0/10.0.1.1 IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. | 8.8 |
| 2023-05-06 | CVE-2022-22313 | Unspecified vulnerability in IBM Qradar Data Synchronization 1.0/3.0.1 IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2023-05-04 | CVE-2023-24958 | Out-of-bounds Write vulnerability in IBM products A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. | 8.8 |
| 2023-04-29 | CVE-2023-30441 | Unspecified vulnerability in IBM products IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. | 7.5 |
| 2023-04-29 | CVE-2022-41736 | Unspecified vulnerability in IBM Spectrum Scale Container Native Storage Access 5.1.2.1/5.1.4.1/5.1.6.0 IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. | 7.8 |
| 2023-04-28 | CVE-2023-26021 | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. | 7.5 |
| 2023-04-28 | CVE-2023-26022 | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. | 7.5 |