IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-03-03
Updated
2024-03-04
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.
Max CVSS
7.5
EPSS Score
0.07%
Published
2024-02-10
Updated
2024-02-16
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-02-10
Updated
2024-02-15
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.
Max CVSS
7.5
EPSS Score
0.07%
Published
2024-02-02
Updated
2024-02-12
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.
Max CVSS
7.5
EPSS Score
0.07%
Published
2024-02-02
Updated
2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.
Max CVSS
7.5
EPSS Score
0.07%
Published
2024-02-02
Updated
2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107.
Max CVSS
7.5
EPSS Score
0.08%
Published
2024-02-02
Updated
2024-02-02
In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183.
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-12-25
Updated
2024-01-03
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-12-20
Updated
2023-12-22
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-12-04
Updated
2024-01-19
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.
Max CVSS
7.5
EPSS Score
0.06%
Published
2024-02-07
Updated
2024-02-15
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730.
Max CVSS
7.5
EPSS Score
0.06%
Published
2024-01-22
Updated
2024-03-07
IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599.
Max CVSS
7.5
EPSS Score
0.08%
Published
2024-02-02
Updated
2024-02-08
IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-12-18
Updated
2023-12-22
IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-11-03
Updated
2023-11-09
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-12-04
Updated
2024-01-12
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.
Max CVSS
7.5
EPSS Score
0.07%
Published
2024-01-22
Updated
2024-03-07
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755.
Max CVSS
7.5
EPSS Score
0.07%
Published
2024-02-09
Updated
2024-02-15
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-12-14
Updated
2023-12-19
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.
Max CVSS
7.4
EPSS Score
0.04%
Published
2023-12-14
Updated
2023-12-18
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-12-03
Updated
2024-01-12
Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-12-25
Updated
2024-01-03
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-10-23
Updated
2023-10-28
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893.
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-09-28
Updated
2023-10-03
1170 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!