Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2024-22320 Unspecified vulnerability in IBM Operational Decision Manager
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization.
network
low complexity
ibm
8.8
2024-02-02 CVE-2023-50962 Cleartext Transmission of Sensitive Information vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism.
network
low complexity
ibm CWE-319
7.5
2024-02-02 CVE-2023-50326 Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm
7.5
2024-02-02 CVE-2023-50936 Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm
8.8
2024-02-02 CVE-2023-50937 Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm
7.5
2024-02-02 CVE-2023-50939 Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm
7.5
2024-01-26 CVE-2024-23620 Improper Privilege Management vulnerability in IBM Merge Efilm Workstation 4.2
An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation.
local
low complexity
ibm CWE-269
7.8
2024-01-22 CVE-2023-47152 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.
network
low complexity
ibm
7.5
2024-01-22 CVE-2023-45193 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used.
network
low complexity
ibm
7.5
2024-01-19 CVE-2023-47718 Unspecified vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm
8.8