Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-22 CVE-2023-47141 Unspecified vulnerability in IBM DB2
IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query.
network
low complexity
ibm
6.5
2024-01-22 CVE-2023-27859 Unspecified vulnerability in IBM DB2
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases.
network
low complexity
ibm
6.5
2024-01-22 CVE-2023-47158 Unspecified vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query.
network
low complexity
ibm
6.5
2024-01-22 CVE-2023-47747 Unspecified vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query.
network
low complexity
ibm
6.5
2024-01-22 CVE-2023-47746 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query.
network
low complexity
ibm
6.5
2024-01-22 CVE-2023-50308 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables.
network
low complexity
ibm
6.5
2024-01-19 CVE-2023-32337 Server-Side Request Forgery (SSRF) vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
5.4
2024-01-19 CVE-2023-50963 Unspecified vulnerability in IBM Storage Defender Data Protect 1.4.1
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm
5.4
2024-01-19 CVE-2023-35020 Unspecified vulnerability in IBM Sterling Control Center 6.3.0
IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm
5.3
2024-01-17 CVE-2023-50950 Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.5.0
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules.
network
low complexity
ibm
5.3