Vulnerabilities > IBM > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-02-14 | CVE-2023-46186 | Unspecified vulnerability in IBM Jazz for Service Management 1.1.3.20 | IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. | network / low complexity / ibm / 7.5 |
| 2024-02-12 | CVE-2022-34309 | Unspecified vulnerability in IBM Cics TX 11.1 | IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network / low complexity / ibm / 7.5 |
| 2024-02-12 | CVE-2022-34310 | Unspecified vulnerability in IBM Cics TX 11.1/11.1.0.0 | IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network / low complexity / ibm / 7.5 |
| 2024-02-10 | CVE-2023-50957 | Unspecified vulnerability in IBM Storage Defender Resiliency Service 2.0 | IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. | network / low complexity / ibm / 7.2 |
| 2024-02-10 | CVE-2024-22313 | Unspecified vulnerability in IBM Storage Defender Resiliency Service 2.0 | IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | local / low complexity / ibm / 7.8 |
| 2024-02-10 | CVE-2024-22361 | Unspecified vulnerability in IBM Semeru Runtime | IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network / low complexity / ibm / 7.5 |
| 2024-02-09 | CVE-2023-45187 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3 | IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | network / low complexity / ibm / 8.8 |
| 2024-02-09 | CVE-2023-45191 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3 | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | network / low complexity / ibm / 7.5 |
| 2024-02-07 | CVE-2023-38369 | Unspecified vulnerability in IBM Security Access Manager Container | IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | network / low complexity / ibm / 7.5 |
| 2024-02-07 | CVE-2023-43017 | Unspecified vulnerability in IBM Security Verify Access | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. | network / low complexity / ibm / 7.2 |