Filtered by vendor Ibm
Total: 7423 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43841 | 1 Ibm | 1 Aspera Console | 2025-01-08 | N/A | 4.0 MEDIUM |
IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078. | |||||
CVE-2024-31889 | 1 Ibm | 1 Planning Analytics Local | 2025-01-08 | N/A | 5.4 MEDIUM |
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136. | |||||
CVE-2024-31907 | 1 Ibm | 1 Planning Analytics Local | 2025-01-08 | N/A | 5.4 MEDIUM |
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889. | |||||
CVE-2024-31908 | 1 Ibm | 1 Planning Analytics Local | 2025-01-08 | N/A | 6.4 MEDIUM |
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890. | |||||
CVE-2023-38362 | 1 Ibm | 1 Cics Tx | 2025-01-07 | N/A | 5.3 MEDIUM |
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814. | |||||
CVE-2023-38360 | 1 Ibm | 1 Cics Tx | 2025-01-07 | N/A | 6.1 MEDIUM |
IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260769. | |||||
CVE-2023-37395 | 1 Ibm | 1 Aspera Faspex | 2025-01-07 | N/A | 2.5 LOW |
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. | |||||
CVE-2023-27283 | 1 Ibm | 1 Aspera Orchestrator | 2025-01-07 | N/A | 5.3 MEDIUM |
IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545. | |||||
CVE-2023-37407 | 1 Ibm | 1 Aspera Orchestrator | 2025-01-07 | N/A | 8.8 HIGH |
IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 260116. | |||||
CVE-2024-31904 | 1 Ibm | 1 App Connect Enterprise | 2025-01-07 | N/A | 6.5 MEDIUM |
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647. | |||||
CVE-2024-31893 | 1 Ibm | 1 App Connect Enterprise | 2025-01-07 | N/A | 4.3 MEDIUM |
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174. | |||||
CVE-2024-28760 | 1 Ibm | 1 App Connect Enterprise | 2025-01-07 | N/A | 4.3 MEDIUM |
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244. | |||||
CVE-2023-40695 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | N/A | 6.3 MEDIUM |
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938. | |||||
CVE-2022-22364 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | N/A | 5.3 MEDIUM |
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903. | |||||
CVE-2024-31899 | 1 Ibm | 1 Cognos Command Center | 2025-01-07 | N/A | 4.3 MEDIUM |
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. | |||||
CVE-2021-20451 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | N/A | 6.0 MEDIUM |
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643. | |||||
CVE-2023-28952 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | N/A | 5.3 MEDIUM |
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463. | |||||
CVE-2023-40696 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | N/A | 5.9 MEDIUM |
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939. | |||||
CVE-2023-23474 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | N/A | 3.7 LOW |
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403. | |||||
CVE-2021-20556 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | N/A | 5.3 MEDIUM |
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181. |