Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-10 | CVE-2024-31873 | Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. | 7.5 |
| 2024-04-06 | CVE-2024-22328 | Unspecified vulnerability in IBM Maximo Application Suite 8.10/8.11 IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2024-03-31 | CVE-2024-22353 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. | 7.5 |
| 2024-03-14 | CVE-2024-22346 | Unspecified vulnerability in IBM I Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. | 7.8 |
| 2024-03-14 | CVE-2024-27266 | Unspecified vulnerability in IBM Maximo Application Suite 7.6.1.3 IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2024-03-13 | CVE-2023-32335 | Unspecified vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. | 7.5 |
| 2024-03-04 | CVE-2023-32331 | Classic Buffer Overflow vulnerability in IBM Sterling Connect:Express for Unix 1.5.0 IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. | 7.5 |
| 2024-03-03 | CVE-2023-27291 | Unspecified vulnerability in IBM Watson Cp4D Data Stores IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. | 7.5 |
| 2024-03-03 | CVE-2024-27255 | Unspecified vulnerability in IBM MQ Operator IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2024-02-29 | CVE-2023-38372 | Unspecified vulnerability in IBM Watson IOT Platform 1.0 An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. | 7.5 |