Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-07 CVE-2023-47700 Unspecified vulnerability in IBM Storage Virtualize 8.6
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server.
network
low complexity
ibm
7.5
2024-02-03 CVE-2023-30999 Unspecified vulnerability in IBM products
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption.
network
low complexity
ibm
7.5
2024-02-03 CVE-2023-31005 Unspecified vulnerability in IBM products
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration.
local
low complexity
ibm
7.8
2024-02-03 CVE-2023-31006 Unspecified vulnerability in IBM products
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server.
network
low complexity
ibm
7.5
2024-02-03 CVE-2023-32327 Unspecified vulnerability in IBM products
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm
7.1
2024-02-03 CVE-2023-43016 Weak Password Requirements vulnerability in IBM products
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password.
network
low complexity
ibm CWE-521
7.3
2024-02-02 CVE-2023-38273 Unspecified vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm
7.5
2024-02-02 CVE-2023-47142 Unspecified vulnerability in IBM Tivoli Application Dependency Discovery Manager
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access.
low complexity
ibm
8.8
2024-02-02 CVE-2023-47148 Unspecified vulnerability in IBM Spectrum Protect Plus
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system.
network
low complexity
ibm
7.5
2024-02-02 CVE-2023-38263 Unspecified vulnerability in IBM Soar Qradar Plugin APP 1.0
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls.
network
low complexity
ibm
8.8