IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566.
Max CVSS
8.2
EPSS Score
0.07%
Published
2024-03-14
Updated
2024-03-19
IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320.
Max CVSS
8.4
EPSS Score
0.04%
Published
2024-02-22
Updated
2024-02-22
An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM.
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-01-26
Updated
2024-01-31
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.
Max CVSS
8.4
EPSS Score
0.04%
Published
2024-03-14
Updated
2024-03-19
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.
Max CVSS
8.0
EPSS Score
0.05%
Published
2024-02-10
Updated
2024-02-15
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116.
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-02-02
Updated
2024-02-02
IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.
Max CVSS
8.8
EPSS Score
0.06%
Published
2024-01-19
Updated
2024-01-24
IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-12-20
Updated
2023-12-22
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.
Max CVSS
8.4
EPSS Score
0.04%
Published
2024-01-07
Updated
2024-03-07
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267.
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-02-02
Updated
2024-02-08
IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. IBM X-Force ID: 270259.
Max CVSS
8.1
EPSS Score
0.09%
Published
2024-01-08
Updated
2024-01-11
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-02-09
Updated
2024-02-15
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-12-14
Updated
2023-12-18
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972.
Max CVSS
8.4
EPSS Score
0.04%
Published
2023-12-13
Updated
2023-12-19
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968.
Max CVSS
8.4
EPSS Score
0.04%
Published
2023-12-13
Updated
2023-12-19
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966.
Max CVSS
8.4
EPSS Score
0.04%
Published
2023-12-01
Updated
2023-12-06
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964.
Max CVSS
8.4
EPSS Score
0.04%
Published
2023-12-13
Updated
2023-12-19
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155.
Max CVSS
8.2
EPSS Score
0.05%
Published
2024-02-07
Updated
2024-02-10
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-11-03
Updated
2023-11-09
IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266.
Max CVSS
8.4
EPSS Score
0.04%
Published
2023-12-01
Updated
2023-12-06
IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of CSV file contents. IBM X-Force ID: 265262.
Max CVSS
8.8
EPSS Score
0.07%
Published
2023-11-28
Updated
2023-12-04
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.
Max CVSS
8.8
EPSS Score
0.08%
Published
2024-01-19
Updated
2024-01-24
IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332.
Max CVSS
8.1
EPSS Score
0.04%
Published
2023-11-18
Updated
2023-11-29
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in an OpenPages environment using Native authentication. If OpenPages is using Native authentication, an attacker with access to the OpenPages database could, through a series of specially crafted steps, exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594.
Max CVSS
8.1
EPSS Score
0.05%
Published
2024-01-19
Updated
2024-01-24
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173.
Max CVSS
8.4
EPSS Score
0.04%
Published
2023-08-14
Updated
2023-08-23
486 vulnerabilities found