Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-12 CVE-2023-29267 Unspecified vulnerability in IBM DB2 10.5/11.1/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
network
low complexity
ibm
6.5
2024-06-12 CVE-2024-31881 Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 10.5/11.1/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user.
network
low complexity
ibm CWE-770
6.5
2024-06-12 CVE-2024-28762 Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 10.5/11.1/11.5
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions.
network
low complexity
ibm CWE-770
6.5
2024-06-07 CVE-2024-31878 Information Exposure Through Discrepancy vulnerability in IBM I
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker.
network
low complexity
ibm CWE-203
5.3
2024-06-06 CVE-2024-22326 Missing Authentication for Critical Function vulnerability in IBM Ds8900F Firmware
IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection.
network
low complexity
ibm CWE-306
6.3
2024-04-19 CVE-2022-40745 Inadequate Encryption Strength vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security.
local
low complexity
ibm CWE-326
5.5
2024-04-19 CVE-2023-27279 Unspecified vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting.
network
low complexity
ibm
6.5
2024-04-19 CVE-2023-37397 Inadequate Encryption Strength vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data.
local
low complexity
ibm CWE-326
4.4
2024-04-02 CVE-2023-50313 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5/9.0
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration.
low complexity
ibm CWE-327
6.5
2024-03-31 CVE-2023-50959 Unspecified vulnerability in IBM Cloud PAK for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account.
network
low complexity
ibm
6.5