Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-17 CVE-2023-24960 Unspecified vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm
7.5
2023-02-17 CVE-2022-40232 Incorrect Default Permissions vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls.
network
low complexity
ibm CWE-276
8.8
2023-02-17 CVE-2022-41734 Cleartext Storage of Sensitive Information vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-312
7.5
2023-02-17 CVE-2022-43930 Information Exposure Through Log Files vulnerability in IBM DB2 10.5/11.1/11.5
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file.
network
low complexity
ibm CWE-532
7.5
2023-02-17 CVE-2022-43927 Improper Privilege Management vulnerability in IBM DB2 10.5/11.1/11.5
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used.
network
low complexity
ibm CWE-269
7.5
2023-02-17 CVE-2022-43929 Unspecified vulnerability in IBM DB2 11.1/11.5
IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command.
network
low complexity
ibm
7.5
2023-02-08 CVE-2022-34350 Improper Input Validation vulnerability in IBM API Connect
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-20
7.5
2023-02-08 CVE-2022-42438 Forced Browsing vulnerability in IBM Cloud PAK for Multicloud Management Monitoring
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths.
network
low complexity
ibm CWE-425
8.8
2023-01-26 CVE-2022-43864 Unspecified vulnerability in IBM Business Automation Workflow and Business Monitor
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm
7.5
2023-01-26 CVE-2022-43917 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5/9.0
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information.
network
low complexity
ibm CWE-327
7.5