Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-19 CVE-2023-38738 Unspecified vulnerability in IBM Openpages With Watson 9.0
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication.
network
low complexity
ibm
8.1
2024-01-19 CVE-2023-40683 Unspecified vulnerability in IBM Openpages With Watson 9.0
IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks.
network
low complexity
ibm
8.8
2024-01-11 CVE-2023-31003 Link Following vulnerability in IBM products
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls.
local
low complexity
ibm CWE-59
7.8
2024-01-08 CVE-2023-47140 Unspecified vulnerability in IBM Cics Transaction Gateway 9.3
IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls.
network
low complexity
ibm
8.1
2024-01-07 CVE-2023-47145 Unspecified vulnerability in IBM DB2
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality.
local
low complexity
ibm
7.8
2023-12-25 CVE-2023-43064 Unspecified vulnerability in IBM I
Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call.
local
low complexity
ibm
7.8
2023-12-25 CVE-2023-49880 Unspecified vulnerability in IBM Financial Transaction Manager 3.2.4
In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable.
network
low complexity
ibm
7.5
2023-12-20 CVE-2023-47704 Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.2.0
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository.
network
low complexity
ibm
7.5
2023-12-20 CVE-2023-47706 Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.2.0
IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type.
network
low complexity
ibm
8.8
2023-12-18 CVE-2023-46177 Unspecified vulnerability in IBM MQ Appliance 9.3.0.0
IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm
7.5