Filtered by vendor Ibm
Subscriptions
Total
7549 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49823 | 1 Ibm | 1 4769 | 2025-03-11 | 6.5 Medium |
| IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests. | ||||
| CVE-2024-41760 | 1 Ibm | 1 4769 | 2025-03-11 | 3.7 Low |
| IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations. | ||||
| CVE-2024-22340 | 1 Ibm | 1 4769 | 2025-03-11 | 6.5 Medium |
| IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack. | ||||
| CVE-2024-52905 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-10 | 2.7 Low |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user. | ||||
| CVE-2023-22860 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-03-10 | 5.4 Medium |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100. | ||||
| CVE-2024-43169 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Next | 2025-03-07 | 8.8 High |
| IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code. | ||||
| CVE-2024-41770 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Next | 2025-03-07 | 7.5 High |
| IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | ||||
| CVE-2024-41771 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Next | 2025-03-07 | 7.5 High |
| IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | ||||
| CVE-2024-56471 | 1 Ibm | 1 Aspera Shares | 2025-03-07 | 5.4 Medium |
| IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2024-38317 | 1 Ibm | 1 Aspera Shares | 2025-03-07 | 4.8 Medium |
| IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-38318 | 1 Ibm | 1 Aspera Shares | 2025-03-07 | 4.8 Medium |
| IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
| CVE-2024-56470 | 1 Ibm | 1 Aspera Shares | 2025-03-07 | 5.4 Medium |
| IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2024-56472 | 1 Ibm | 1 Aspera Shares | 2025-03-07 | 6.4 Medium |
| IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2023-43052 | 1 Ibm | 1 Control Center | 2025-03-07 | 5.3 Medium |
| IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. | ||||
| CVE-2023-47714 | 1 Ibm | 1 Sterling File Gateway | 2025-03-07 | 4.8 Medium |
| IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531. | ||||
| CVE-2024-22357 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-07 | 5.4 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894. | ||||
| CVE-2023-45186 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-07 | 4.8 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 268691. | ||||
| CVE-2023-50307 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-07 | 5.4 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273338. | ||||
| CVE-2025-0159 | 1 Ibm | 1 Storage Virtualize | 2025-03-07 | 9.1 Critical |
| IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. | ||||
| CVE-2024-38316 | 1 Ibm | 1 Aspera Shares | 2025-03-06 | 4.3 Medium |
| IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. | ||||