IBM : Security Vulnerabilities, CVEs, (Gain Privilege) CVSS score >= 6
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.
Max CVSS
9.0
EPSS Score
0.04%
Published
2024-04-06
Updated
2024-04-08
IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-06
Updated
2023-10-10
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-10-29
Updated
2023-11-08
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-10-29
Updated
2023-11-08
IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-10-15
Updated
2023-10-19
Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-10-16
Updated
2023-10-19
IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581.
Max CVSS
6.5
EPSS Score
0.04%
Published
2023-10-04
Updated
2023-10-05
Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-09-28
Updated
2023-09-29
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-10-22
Updated
2023-10-27
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173.
Max CVSS
8.4
EPSS Score
0.04%
Published
2023-08-14
Updated
2023-08-23
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577.
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-02-02
Updated
2024-02-09
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-02
Updated
2024-02-07
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017.
Max CVSS
8.4
EPSS Score
0.04%
Published
2023-07-16
Updated
2023-07-26
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016.
Max CVSS
8.4
EPSS Score
0.04%
Published
2023-07-16
Updated
2023-07-26
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-07-19
Updated
2023-07-28
IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194.
Max CVSS
8.4
EPSS Score
0.04%
Published
2023-07-10
Updated
2023-08-18
A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320.
Max CVSS
8.8
EPSS Score
1.04%
Published
2023-05-04
Updated
2023-05-10
IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-03-15
Updated
2023-07-11
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-03-15
Updated
2023-03-19
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827.
Max CVSS
6.5
EPSS Score
0.04%
Published
2022-12-01
Updated
2022-12-06
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.
Max CVSS
7.2
EPSS Score
0.08%
Published
2023-03-22
Updated
2023-03-28
IBM Storage Scale Container Native Storage Access 5.1.2.1 -through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. IBM X-Force ID: 237812.
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-02-17
Updated
2024-02-20
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311.
Max CVSS
8.1
EPSS Score
0.06%
Published
2022-09-21
Updated
2022-09-22
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575.
Max CVSS
6.5
EPSS Score
0.04%
Published
2022-10-06
Updated
2022-10-14
After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695.
Max CVSS
9.8
EPSS Score
0.25%
Published
2022-11-11
Updated
2022-11-17