Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 7460 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-43887 1 Ibm 1 Cognos Analytics 2024-11-21 N/A 5.3 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.
CVE-2022-43883 1 Ibm 1 Cognos Analytics 2024-11-21 N/A 6.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.
CVE-2022-43875 2 Ibm, Linux 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more 2024-11-21 N/A 6.2 MEDIUM
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034.
CVE-2022-43874 1 Ibm 1 App Connect Enterprise Certified Container 2024-11-21 N/A 6.1 MEDIUM
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963.
CVE-2022-43873 1 Ibm 1 Spectrum Virtualize 2024-11-21 N/A 6.3 MEDIUM
An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847.
CVE-2022-43872 2 Ibm, Linux 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more 2024-11-21 N/A 5.3 MEDIUM
IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.
CVE-2022-43871 1 Ibm 1 Financial Transaction Manager For Multiplatform 2024-11-21 N/A 4.6 MEDIUM
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707.
CVE-2022-43870 1 Ibm 1 Spectrum Virtualize 2024-11-21 N/A 6.5 MEDIUM
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.
CVE-2022-43869 2 Ibm, Linux 3 Elastic Storage System, Spectrum Scale, Linux Kernel 2024-11-21 N/A 6.5 MEDIUM
IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539.
CVE-2022-43868 1 Ibm 1 Security Verify Access Oidc Provider 2024-11-21 N/A 5.3 MEDIUM
IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445.
CVE-2022-43867 2 Ibm, Linux 2 Spectrum Scale Container Native Storage Access, Linux Kernel 2024-11-21 N/A 7.8 HIGH
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.
CVE-2022-43864 1 Ibm 2 Business Automation Workflow, Business Monitor 2024-11-21 N/A 7.5 HIGH
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.
CVE-2022-43863 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2024-11-21 N/A 6.7 MEDIUM
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.
CVE-2022-43860 1 Ibm 1 I 2024-11-21 N/A 4.3 MEDIUM
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.
CVE-2022-43859 1 Ibm 1 I 2024-11-21 N/A 6.3 MEDIUM
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304.
CVE-2022-43858 1 Ibm 1 I 2024-11-21 N/A 4.3 MEDIUM
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface. IBM X-Force ID: 239303.
CVE-2022-43857 1 Ibm 1 I 2024-11-21 N/A 4.3 MEDIUM
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301.
CVE-2022-43849 1 Ibm 2 Aix, Vios 2024-11-21 N/A 6.2 MEDIUM
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170.
CVE-2022-43848 1 Ibm 2 Aix, Vios 2024-11-21 N/A 6.2 MEDIUM
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169.
CVE-2022-43843 1 Ibm 1 Spectrum Scale 2024-11-21 N/A 5.9 MEDIUM
IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.