Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-29 | CVE-2023-25921 | Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.1.0/4.1.0.1/4.1.1 IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. | 8.8 |
| 2024-02-29 | CVE-2023-25926 | Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.1.0/4.1.0.1/4.1.1 IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2024-02-28 | CVE-2023-25922 | Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.1.0/4.1.0.1/4.1.1 IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. | 8.8 |
| 2024-02-28 | CVE-2023-25925 | Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.1.0/4.1.0.1/4.1.1 IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2024-02-17 | CVE-2022-41738 | Unspecified vulnerability in IBM Spectrum Scale Container Native Storage Access 5.1.2.1/5.1.4.1/5.1.6.0 IBM Storage Scale Container Native Storage Access 5.1.2.1 -through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. | 7.5 |
| 2024-02-14 | CVE-2023-46186 | Unspecified vulnerability in IBM Jazz for Service Management 1.1.3.20 IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. | 7.5 |
| 2024-02-12 | CVE-2022-34309 | Unspecified vulnerability in IBM Cics TX 11.1 IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2024-02-12 | CVE-2022-34310 | Unspecified vulnerability in IBM Cics TX 11.1/11.1.0.0 IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2024-02-10 | CVE-2023-50957 | Unspecified vulnerability in IBM Storage Defender Resiliency Service 2.0 IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. | 7.2 |
| 2024-02-10 | CVE-2024-22313 | Unspecified vulnerability in IBM Storage Defender Resiliency Service 2.0 IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.8 |