Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-28 | CVE-2024-31912 | Unspecified vulnerability in IBM MQ 9.3.0 IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. | 8.8 |
| 2024-06-28 | CVE-2024-31919 | Allocation of Resources Without Limits or Throttling vulnerability in IBM MQ IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. | 7.5 |
| 2024-06-27 | CVE-2023-30997 | Unspecified vulnerability in IBM Security Access Manager 10.0.0.0/10.0.7.1 IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. | 7.8 |
| 2024-06-27 | CVE-2023-30998 | Unspecified vulnerability in IBM Security Access Manager 10.0.0.0/10.0.7.1 IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. | 7.8 |
| 2024-06-27 | CVE-2023-38371 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Access Manager 10.0.0.0/10.0.7.1 IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2024-06-27 | CVE-2024-31916 | Missing Authentication for Critical Function vulnerability in IBM Openbmc IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. | 7.5 |
| 2024-06-20 | CVE-2024-37532 | Improper Verification of Cryptographic Signature vulnerability in IBM Websphere Application Server 8.5.0.0/9.0.0.0 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. | 8.8 |
| 2024-06-19 | CVE-2024-38329 | Incorrect Authorization vulnerability in IBM Storage Protect for Virtual Environments IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. | 7.7 |
| 2024-06-15 | CVE-2024-27275 | Improper Authentication vulnerability in IBM I IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. | 7.8 |
| 2024-06-06 | CVE-2023-45192 | XXE vulnerability in IBM Doors Next 7.0.2/7.0.3 IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |