Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-10 | CVE-2024-31871 | Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. | 8.1 |
| 2024-04-10 | CVE-2024-31872 | Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. | 8.1 |
| 2024-04-10 | CVE-2024-31873 | Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. | 7.5 |
| 2024-04-06 | CVE-2024-22328 | Unspecified vulnerability in IBM Maximo Application Suite 8.10/8.11 IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2024-04-04 | CVE-2024-27268 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. | 7.5 |
| 2024-03-31 | CVE-2024-22353 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. | 7.5 |
| 2024-03-14 | CVE-2024-22346 | Unspecified vulnerability in IBM I Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. | 7.8 |
| 2024-03-14 | CVE-2024-27266 | Unspecified vulnerability in IBM Maximo Application Suite 7.6.1.3 IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2024-03-13 | CVE-2023-32335 | Unspecified vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. | 7.5 |
| 2024-03-04 | CVE-2023-32331 | Classic Buffer Overflow vulnerability in IBM Sterling Connect:Express for Unix 1.5.0 IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. | 7.5 |