Vulnerabilities > IBM > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-01-19 | CVE-2023-38738 | Storing Passwords in a Recoverable Format vulnerability in IBM OpenPages with Watson 9.0 | IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in an OpenPages environment using Native authentication. | network | low | ibm | CWE-257 | 8.1 |
| 2024-01-19 | CVE-2023-40683 | Permissions, Privileges, and Access Controls vulnerability in IBM OpenPages with Watson 9.0 | IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by insufficient authorization checks. | network | low | ibm | CWE-264 | 8.8 |
| 2024-01-11 | CVE-2023-31003 | Link Following vulnerability in IBM products | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. | local | low | ibm | CWE-59 | 7.8 |
| 2024-01-08 | CVE-2023-47140 | Unspecified vulnerability in IBM CICS Transaction Gateway 9.3 | IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. | network | low | ibm | | 8.1 |
| 2024-01-07 | CVE-2023-47145 | Unspecified vulnerability in IBM Db2 | IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. | local | low | ibm | | 7.8 |
| 2023-12-25 | CVE-2023-43064 | Uncontrolled Search Path Element vulnerability in IBM i | Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. | local | low | ibm | CWE-427 | 7.8 |
| 2023-12-25 | CVE-2023-49880 | Unspecified vulnerability in IBM Financial Transaction Manager 3.2.4 | In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4, the sending address and the message type of FIN messages are assumed to be immutable. | network | low | ibm | | 7.5 |
| 2023-12-20 | CVE-2023-47704 | Use of Hard-coded Credentials vulnerability in IBM Security Guardium Key Lifecycle Manager 4.2.0 | IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. | network | low | ibm | CWE-798 | 7.5 |
| 2023-12-20 | CVE-2023-47706 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Guardium Key Lifecycle Manager 4.2.0 | IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. | network | low | ibm | CWE-434 | 8.8 |
| 2023-12-18 | CVE-2023-46177 | Path Traversal vulnerability in IBM MQ Appliance 9.3.0.0 | IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. | network | low | ibm | CWE-22 | 7.5 |