Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-14 CVE-2024-31882 Injection vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
network
low complexity
ibm CWE-74
6.5
2024-08-14 CVE-2024-35136 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions.
network
low complexity
ibm
6.5
2024-08-14 CVE-2024-35152 Unspecified vulnerability in IBM DB2 11.5.8/11.5.9
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.
network
low complexity
ibm
6.5
2024-08-14 CVE-2024-37529 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.
network
low complexity
ibm
6.5
2024-08-14 CVE-2023-50315 Unspecified vulnerability in IBM Websphere Application Server 8.5.0.0/9.0.0.0
IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks.
network
high complexity
ibm
5.9
2024-08-14 CVE-2024-27267 Unspecified vulnerability in IBM Java SDK
The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads.
network
high complexity
ibm
5.9
2024-08-13 CVE-2024-41774 Cross-site Scripting vulnerability in IBM Common Licensing 9.0
IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
4.8
2024-08-13 CVE-2022-38382 Insufficient Session Expiration vulnerability in IBM Cloud PAK for Security and Qradar Suite
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information.
network
low complexity
ibm CWE-613
4.1
2024-08-12 CVE-2023-38018 Session Fixation vulnerability in IBM Aspera Shares 1.10.0
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-384
5.4
2024-08-06 CVE-2024-39751 Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3