IBM

Products by IBM Sorted by Most Security Vulnerabilities since 2018

IBM Aix: 106 vulnerabilities

IBM Rational Quality Manager: 93 vulnerabilities

IBM Api Connect: 67 vulnerabilities

IBM Cognos Analytics: 67 vulnerabilities

IBM Sterling B2b Integrator: 66 vulnerabilities

IBM Vios: 61 vulnerabilities

IBM Maximo Asset Management: 59 vulnerabilities

IBM Rational Team Concert: 56 vulnerabilities

IBM Security Verify Access: 36 vulnerabilities

IBM Spectrum Scale: 36 vulnerabilities

IBM Security Guardium: 35 vulnerabilities

IBM Datapower Gateway: 34 vulnerabilities

IBM Business Process Manager: 31 vulnerabilities

IBM Mq Appliance: 30 vulnerabilities

IBM Security Access Manager: 30 vulnerabilities

IBM Planning Analytics: 28 vulnerabilities

IBM Urbancode Deploy: 27 vulnerabilities

IBM I: 26 vulnerabilities

IBM Spectrum Protect Plus: 23 vulnerabilities

IBM Rhapsody Model Manager: 23 vulnerabilities

IBM Cloud Pak For Security: 19 vulnerabilities

IBM Robotic Process Automation: 19 vulnerabilities

IBM Websphere Mq: 18 vulnerabilities

IBM Sterling File Gateway: 18 vulnerabilities

IBM Cics Tx: 17 vulnerabilities

IBM Content Navigator: 17 vulnerabilities

IBM Bigfix Platform: 16 vulnerabilities

IBM Guardium Data Encryption: 16 vulnerabilities

IBM Cloud Private: 16 vulnerabilities

IBM Maximo For Oil And Gas: 16 vulnerabilities

IBM Mq: 16 vulnerabilities

IBM Maximo For Nuclear Power: 15 vulnerabilities

IBM Jazz Reporting Service: 15 vulnerabilities

IBM Maximo For Utilities: 15 vulnerabilities

IBM Maximo For Life Sciences: 15 vulnerabilities

IBM Maximo For Aviation: 15 vulnerabilities

IBM Planning Analytics Local: 15 vulnerabilities

IBM Maximo For Transportation: 15 vulnerabilities

IBM Security Identity Manager: 15 vulnerabilities

IBM Security Secret Server: 15 vulnerabilities

IBM Maximo Application Suite: 14 vulnerabilities

IBM Security Directory Server: 14 vulnerabilities

IBM Removable Media Manager: 13 vulnerabilities

IBM Websphere Portal: 13 vulnerabilities

IBM Powersc: 13 vulnerabilities

IBM Security Information Queue: 13 vulnerabilities

IBM Informix Dynamic Server: 13 vulnerabilities

IBM Engineering Insights: 13 vulnerabilities

IBM Cloud Pak For Applications: 12 vulnerabilities

IBM Cloud Pak System: 12 vulnerabilities

IBM Control Desk: 12 vulnerabilities

IBM Security Verify Governance: 11 vulnerabilities

IBM Powervm Hypervisor: 10 vulnerabilities

IBM Tivoli Netcoolimpact: 10 vulnerabilities

IBM Cognos Controller: 10 vulnerabilities

IBM Smartcloud Control Desk: 10 vulnerabilities

IBM Notes: 9 vulnerabilities

IBM Cloud Orchestrator: 9 vulnerabilities

IBM Db2: 9 vulnerabilities

IBM Filenet Content Manager: 9 vulnerabilities

IBM Maximo Anywhere: 8 vulnerabilities

IBM Spectrum Protect: 8 vulnerabilities

IBM Storediq: 8 vulnerabilities

IBM Emptoris Spend Analysis: 8 vulnerabilities

Known Exploited IBM Vulnerabilities

The following IBM vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

| Title | Description | CVE | Added |
| --- | --- | --- | --- |
| IBM Aspera Faspex Code Execution Vulnerability | IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw. | CVE-2022-47986 | February 21, 2023 |
| IBM InfoSphere BigInsights Invalid Input Vulnerability | Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data. | CVE-2013-3993 | May 25, 2022 |
| IBM WebSphere Application Server and Server Hypervisor Edition Code Injection | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands. | CVE-2015-7450 | January 10, 2022 |
| IBM Data Risk Manager Arbitrary File Download | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. | CVE-2020-4430 | November 3, 2021 |
| IBM Data Risk Manager Authentication Bypass | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532. | CVE-2020-4427 | November 3, 2021 |
| IBM Data Risk Manager Command Injection | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. | CVE-2020-4428 | November 3, 2021 |
| IBM Planning Analytics configuration overwrite vulnerability | IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. | CVE-2019-4716 | November 3, 2021 |

By the Year

In 2024 there have been 75 vulnerabilities in IBM with an average score of 7.0 out of ten. Last year IBM had 229 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in IBM in 2024 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.04.

Year Vulnerabilities Average Score
2024 75 6.96
2023 229 6.92
2022 266 6.39
2021 373 6.05
2020 340 6.23
2019 439 6.09
2018 307 6.37

It may take a day or so for new IBM vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM Security Vulnerabilities

IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting

CVE-2023-28525 4.8 - Medium - March 01, 2024

IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052.

XSS

IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user

CVE-2023-28949 6.5 - Medium - March 01, 2024

IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.

Session Riding

IBM Engineering Requirements Management DOORS 9.7.2.7 does not require

CVE-2023-50305 5.1 - Medium - March 01, 2024

IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.

Weak Password Requirements

IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user IDs to be exposed across tenants

CVE-2022-22506 4.6 - Medium - February 12, 2024

IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user IDs to be exposed across tenants. IBM X-Force ID: 227293.

IBM Storage Defender - Resiliency Service 2.0 could

CVE-2023-50957 7.2 - High - February 10, 2024

IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.

Improper Privilege Management

IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user

CVE-2024-22312 5.5 - Medium - February 10, 2024

IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.

Insufficiently Protected Credentials

IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key

CVE-2024-22313 7.8 - High - February 10, 2024

IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.

Use of Hard-coded Credentials

IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms

CVE-2024-22361 7.5 - High - February 10, 2024

IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.

Use of a Broken or Risky Cryptographic Algorithm

IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server

CVE-2024-22318 5.5 - Medium - February 09, 2024

IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.

Session Fixation

The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion

CVE-2024-22332 6.5 - Medium - February 09, 2024

The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.

Resource Exhaustion

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could

CVE-2023-32341 6.5 - Medium - February 09, 2024

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827.

Resource Exhaustion

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies

CVE-2023-42016 4.3 - Medium - February 09, 2024

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559.

Cleartext Transmission of Sensitive Information

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could

CVE-2023-45187 8.8 - High - February 09, 2024

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.

Insufficient Session Expiration

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection

CVE-2023-45190 6.1 - Medium - February 09, 2024

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.

Improper Restriction of Excessive Authentication Attempts

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting

CVE-2023-45191 7.5 - High - February 09, 2024

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755.

Improper Restriction of Excessive Authentication Attempts

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system

CVE-2023-47700 7.5 - High - February 07, 2024

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.

Improper Certificate Validation

IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files

CVE-2023-31002 5.5 - Medium - February 07, 2024

IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.

Cleartext Storage of Sensitive Information

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances

CVE-2023-32328 9.8 - Critical - February 07, 2024

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254957.

Cleartext Transmission of Sensitive Information

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls

CVE-2023-32330 9.8 - Critical - February 07, 2024

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977.

Improper Certificate Validation

IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require

CVE-2023-38369 7.5 - High - February 07, 2024

IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.

Weak Password Requirements

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file

CVE-2023-43017 7.2 - High - February 07, 2024

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155.

Improper Certificate Validation

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19

CVE-2024-22331 5.5 - Medium - February 06, 2024

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971.

Information Disclosure

IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could

CVE-2023-46183 4.4 - Medium - February 06, 2024

IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695.

IBM PowerVM Hypervisor FW950.00 through FW950.90

CVE-2023-33851 4.9 - Medium - February 04, 2024

IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135.

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting

CVE-2023-50947 5.4 - Medium - February 04, 2024

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.

XSS

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could

CVE-2023-31005 7.8 - High - February 03, 2024

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767.

Improper Privilege Management

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to denial of service attacks on the DSC server

CVE-2023-31006 7.5 - High - February 03, 2024

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to denial of service attacks on the DSC server. IBM X-Force ID: 254776.

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data

CVE-2023-32327 7.1 - High - February 03, 2024

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783.

XXE

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could

CVE-2023-31004 9 - Critical - February 03, 2024

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765.

Man-in-the-Middle / MITM

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could

CVE-2023-32329 5.5 - Medium - February 03, 2024

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972.

Insufficient Verification of Data Authenticity

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could

CVE-2023-43016 7.3 - High - February 03, 2024

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154.

Weak Password Requirements

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could

CVE-2023-30999 7.5 - High - February 03, 2024

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651.

Resource Exhaustion

IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting

CVE-2023-38273 7.5 - High - February 02, 2024

IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733.

Improper Restriction of Excessive Authentication Attempts

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could

CVE-2023-47142 8.8 - High - February 02, 2024

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267.

Permissions, Privileges, and Access Controls

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection

CVE-2023-47143 9.8 - Critical - February 02, 2024

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.

Output Sanitization

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting

CVE-2023-47144 6.1 - Medium - February 02, 2024

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271.

XSS

IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting

CVE-2022-40744 5.4 - Medium - February 02, 2024

IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441.

XSS

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system

CVE-2023-38019 6.5 - Medium - February 02, 2024

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575.

Directory traversal

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files

CVE-2023-38020 4.3 - Medium - February 02, 2024

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576.

Improper Output Neutralization for Logs

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could

CVE-2023-38263 8.8 - High - February 02, 2024

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577.

Authorization

IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW

CVE-2023-46159 6.5 - Medium - February 02, 2024

IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906.

Improper Input Validation

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to a remote code execution attack

CVE-2024-22319 9.8 - Critical - February 02, 2024

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to a remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could

CVE-2024-22320 8.8 - High - February 02, 2024

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.

Marshaling, Unmarshaling

IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism

CVE-2023-50962 7.5 - High - February 02, 2024

IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.

Cleartext Transmission of Sensitive Information

IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls

CVE-2023-32333 9.8 - Critical - February 02, 2024

IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073.

Authorization

IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could

CVE-2023-50941 5.4 - Medium - February 02, 2024

IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.

Session Fixation

IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim

CVE-2023-50938 4.3 - Medium - February 02, 2024

IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128.

User Interface (UI) Misrepresentation of Critical Information

IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may

CVE-2023-50935 6.5 - Medium - February 02, 2024

IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115.

forced browsing

IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication

CVE-2023-50934 5.3 - Medium - February 02, 2024

IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114.

authentification

IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings

CVE-2023-50328 5.3 - Medium - February 02, 2024

IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.

Exposure of Resource to Wrong Sphere

IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could

CVE-2023-50940 9.8 - Critical - February 02, 2024

IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.

Incorrect Comparison

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms

CVE-2023-50937 7.5 - High - February 02, 2024

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.

Use of a Broken or Risky Cryptographic Algorithm

IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could

CVE-2023-50936 8.8 - High - February 02, 2024

IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116.

Insufficient Session Expiration

IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection

CVE-2023-50933 6.1 - Medium - February 02, 2024

IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113.

XSS

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could

CVE-2023-50327 5.3 - Medium - February 02, 2024

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109.

Interpretation Conflict

IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting

CVE-2023-50326 7.5 - High - February 02, 2024

IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107.

Improper Restriction of Excessive Authentication Attempts

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms

CVE-2023-50939 7.5 - High - February 02, 2024

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.

Use of a Broken or Risky Cryptographic Algorithm

A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation

CVE-2024-23619 9.8 - Critical - January 26, 2024

A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.

Use of Hard-coded Credentials

An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation

CVE-2024-23620 7.8 - High - January 26, 2024

An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM.

Improper Privilege Management

A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server

CVE-2024-23621 9.8 - Critical - January 26, 2024

A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.

Classic Buffer Overflow

A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server

CVE-2024-23622 9.8 - Critical - January 26, 2024

A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges.

Memory Corruption

IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF)

CVE-2023-32337 5.4 - Medium - January 19, 2024

IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.

XSPA

IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user

CVE-2023-47718 8.8 - High - January 19, 2024

IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.

Session Riding

IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection

CVE-2023-50963 5.4 - Medium - January 19, 2024

IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101.

Open Redirect

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could

CVE-2024-22317 9.1 - Critical - January 18, 2024

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.

Improper Restriction of Excessive Authentication Attempts

IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules

CVE-2023-50950 5.3 - Medium - January 17, 2024

IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709.

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files

CVE-2023-31001 5.5 - Medium - January 11, 2024

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.

Storing Passwords in a Recoverable Format

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could

CVE-2023-31003 7.8 - High - January 11, 2024

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.

insecure temporary file

IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could

CVE-2023-38267 5.5 - Medium - January 11, 2024

IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain sensitive configuration information. IBM X-Force ID: 260584.

Missing Encryption of Sensitive Data

IBM AIX 7.2, 7.3, and VIOS 3.1 could

CVE-2023-45169 5.5 - Medium - January 11, 2024

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967.

IBM AIX 7.2, 7.3, and VIOS 3.1 could

CVE-2023-45171 5.5 - Medium - January 11, 2024

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. IBM X-Force ID: 267969.

IBM AIX 7.2, 7.3, and VIOS 3.1 could

CVE-2023-45173 5.5 - Medium - January 11, 2024

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971.

IBM AIX 7.2, 7.3, and VIOS 3.1 could

CVE-2023-45175 5.5 - Medium - January 11, 2024

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973.

IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls

CVE-2023-47140 8.1 - High - January 08, 2024

IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. IBM X-Force ID: 270259.

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key

CVE-2023-50948 9.8 - Critical - January 08, 2024

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671.

Use of Hard-coded Credentials

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable

CVE-2023-49880 7.5 - High - December 25, 2023

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183.

Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call

CVE-2023-43064 7.8 - High - December 25, 2023

Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689.

DLL preloading

IBM Planning Analytics Local 2.0 could

CVE-2023-42017 9.8 - Critical - December 22, 2023

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567.

Unrestricted File Upload

IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service

CVE-2023-45165 5.5 - Medium - December 22, 2023

IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963.

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack

CVE-2023-35895 9.8 - Critical - December 20, 2023

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116.

Injection

An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7

CVE-2023-42012 5.5 - Medium - December 20, 2023

An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509.

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could

CVE-2023-42013 5.3 - Medium - December 20, 2023

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510.

Generation of Error Message Containing Sensitive Information

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14

CVE-2023-47161 6.5 - Medium - December 20, 2023

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799.

Improper Input Validation

IBM AIX 7.2, 7.3, and VIOS 3.1 could

CVE-2023-45172 5.5 - Medium - December 19, 2023

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970.

IBM QRadar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified

CVE-2023-47146 6.5 - Medium - December 19, 2023

IBM QRadar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372.

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection

CVE-2023-42015 4.3 - Medium - December 19, 2023

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512.

XSS

IBM Cloud Pak for Business Automation 18.0.0

CVE-2023-40691 4.9 - Medium - December 18, 2023

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805.

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory

CVE-2023-47741 5.3 - Medium - December 18, 2023

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.

Insufficiently Protected Credentials

IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system

CVE-2023-46177 7.5 - High - December 18, 2023

IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.

Directory traversal

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code

CVE-2023-45185 8.8 - High - December 14, 2023

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.

AuthZ

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded

CVE-2023-45182 6.5 - Medium - December 14, 2023

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.

Insecure Storage of Sensitive Information

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could

CVE-2023-45184 7.5 - High - December 14, 2023

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270.

Insecure Storage of Sensitive Information

IBM SAN Volume Controller

CVE-2023-43042 7.5 - High - December 14, 2023

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.

CWE-1393 (Use of Default Password)

IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms

CVE-2022-43843 7.5 - High - December 14, 2023

IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.

Use of a Broken or Risky Cryptographic Algorithm

IBM AIX 7.2, 7.3, and VIOS 3.1 could

CVE-2023-45174 7.8 - High - December 13, 2023

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972.

IBM AIX 7.2, 7.3, and VIOS 3.1 could

CVE-2023-45170 7.8 - High - December 13, 2023

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968.

IBM AIX 7.2, 7.3, and VIOS 3.1 could

CVE-2023-45166 7.8 - High - December 13, 2023

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964.

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user

CVE-2023-47722 5.5 - Medium - December 09, 2023

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.

Insufficiently Protected Credentials

IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could

CVE-2023-28527 5.5 - Medium - December 09, 2023

IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.

Memory Corruption

IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could

CVE-2023-28526 5.5 - Medium - December 09, 2023

IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).