Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2024-06-15 CVE-2024-27275 Unspecified vulnerability in IBM I
IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement.
local
low complexity
ibm
7.8
2024-06-06 CVE-2023-45192 Unspecified vulnerability in IBM Doors Next 7.0.2/7.0.3
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm
8.2
2024-04-19 CVE-2023-37400 Unspecified vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage.
local
low complexity
ibm
7.8
2024-03-31 CVE-2024-22353 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request.
network
low complexity
ibm
7.5
2024-03-14 CVE-2024-22346 Unspecified vulnerability in IBM I
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call.
local
low complexity
ibm
7.8
2024-03-14 CVE-2024-27266 Unspecified vulnerability in IBM Maximo Application Suite 7.6.1.3
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm
8.2
2024-02-29 CVE-2023-25921 Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.1.0/4.1.0.1/4.1.1
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
network
low complexity
ibm
8.8
2024-02-29 CVE-2023-25926 Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.1.0/4.1.0.1/4.1.1
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm
8.2
2024-02-28 CVE-2023-25922 Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.1.0/4.1.0.1/4.1.1
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
network
low complexity
ibm
8.8
2024-02-28 CVE-2023-25925 Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.1.0/4.1.0.1/4.1.1
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm
8.8