Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-02 | CVE-2024-22320 | Deserialization of Untrusted Data vulnerability in IBM Operational Decision Manager IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. | 8.8 |
| 2024-02-02 | CVE-2023-50962 | Cleartext Transmission of Sensitive Information vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. | 7.5 |
| 2024-02-02 | CVE-2023-50326 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2024-02-02 | CVE-2023-50936 | Insufficient Session Expiration vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 8.8 |
| 2024-02-02 | CVE-2023-50937 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2024-02-02 | CVE-2023-50939 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2024-01-26 | CVE-2024-23620 | Improper Privilege Management vulnerability in IBM Merge Efilm Workstation 4.2 An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. | 7.8 |
| 2024-01-22 | CVE-2023-47152 | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. | 7.5 |
| 2024-01-22 | CVE-2023-45193 | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. | 7.5 |
| 2024-01-19 | CVE-2023-47718 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |