Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-02-17 | CVE-2023-24960 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. | 7.5 |
2023-02-17 | CVE-2022-40232 | Incorrect Default Permissions vulnerability in IBM Sterling B2B Integrator | IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. | 8.8 |
2023-02-17 | CVE-2022-41734 | Cleartext Storage of Sensitive Information vulnerability in IBM Maximo Application Suite and Maximo Asset Management | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 7.5 |
2023-02-17 | CVE-2022-43930 | Information Exposure Through Log Files vulnerability in IBM DB2 10.5/11.1/11.5 | IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. | 7.5 |
2023-02-17 | CVE-2022-43927 | Improper Privilege Management vulnerability in IBM DB2 10.5/11.1/11.5 | IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. | 7.5 |
2023-02-17 | CVE-2022-43929 | Unspecified vulnerability in IBM DB2 11.1/11.5 | IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. | 7.5 |
2023-02-08 | CVE-2022-34350 | Improper Input Validation vulnerability in IBM API Connect | IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. | 7.5 |
2023-02-08 | CVE-2022-42438 | Forced Browsing vulnerability in IBM Cloud PAK for Multicloud Management Monitoring | IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. | 8.8 |
2023-01-26 | CVE-2022-43864 | Unspecified vulnerability in IBM Business Automation Workflow and Business Monitor | IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. | 7.5 |
2023-01-26 | CVE-2022-43917 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5/9.0 | IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. | 7.5 |