IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647.
Source: IBM Corporation
Max CVSS: 6.5
EPSS Score: 0.04%
Published: 2024-05-22
Updated: 2024-05-24
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.
Source: IBM Corporation
Max CVSS: 4.3
EPSS Score: 0.04%
Published: 2024-05-22
Updated: 2024-05-24
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.
Source: IBM Corporation
Max CVSS: 4.3
EPSS Score: 0.04%
Published: 2024-05-22
Updated: 2024-05-24
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174.
Source: IBM Corporation
Max CVSS: 4.3
EPSS Score: 0.04%
Published: 2024-05-22
Updated: 2024-05-24
IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651.
Source: IBM Corporation
Max CVSS: 7.5
EPSS Score: 0.04%
Published: 2024-04-16
Updated: 2024-04-17
IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.
Source: IBM Corporation
Max CVSS: 7.5
EPSS Score: 0.04%
Published: 2024-05-18
Updated: 2024-05-20
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318.
Source: IBM Corporation
Max CVSS: 6.2
EPSS Score: 0.04%
Published: 2024-04-10
Updated: 2024-04-10
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.
Source: IBM Corporation
Max CVSS: 7.5
EPSS Score: 0.04%
Published: 2024-04-10
Updated: 2024-04-10
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.
Source: IBM Corporation
Max CVSS: 7.5
EPSS Score: 0.04%
Published: 2024-04-10
Updated: 2024-04-10
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.
Source: IBM Corporation
Max CVSS: 7.5
EPSS Score: 0.04%
Published: 2024-04-10
Updated: 2024-04-10
IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.
Source: IBM Corporation
Max CVSS: 8.7
EPSS Score: 0.04%
Published: 2024-04-04
Updated: 2024-04-04
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893.
Source: IBM Corporation
Max CVSS: 5.4
EPSS Score: 0.04%
Published: 2024-03-27
Updated: 2024-03-27
IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.
Source: IBM Corporation
Max CVSS: 6.3
EPSS Score: 0.04%
Published: 2024-04-03
Updated: 2024-04-03
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654.
Source: IBM Corporation
Max CVSS: 5.4
EPSS Score: 0.04%
Published: 2024-05-10
Updated: 2024-05-14
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285648.
Source: IBM Corporation
Max CVSS: 4.4
EPSS Score: 0.04%
Published: 2024-05-01
Updated: 2024-05-01
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 285623.
Source: IBM Corporation
Max CVSS: 6.5
EPSS Score: 0.04%
Published: 2024-05-01
Updated: 2024-05-01
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 285245.
Source: IBM Corporation
Max CVSS: 5.4
EPSS Score: 0.04%
Published: 2024-05-11
Updated: 2024-05-14
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.
Source: IBM Corporation
Max CVSS: 4.3
EPSS Score: 0.04%
Published: 2024-05-11
Updated: 2024-05-14
The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205.
Source: IBM Corporation
Max CVSS: 6.2
EPSS Score: 0.04%
Published: 2024-03-21
Updated: 2024-03-21
IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903.
Source: IBM Corporation
Max CVSS: 8.1
EPSS Score: 0.04%
Published: 2024-05-07
Updated: 2024-05-08
IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.
Source: IBM Corporation
Max CVSS: 4.7
EPSS Score: 0.04%
Published: 2024-03-27
Updated: 2024-03-27
IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575.
Source: IBM Corporation
Max CVSS: 6.8
EPSS Score: 0.04%
Published: 2024-05-10
Updated: 2024-05-14
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.
Source: IBM Corporation
Max CVSS: 5.9
EPSS Score: 0.05%
Published: 2024-04-04
Updated: 2024-05-16
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566.
Source: IBM Corporation
Max CVSS: 8.2
EPSS Score: 0.07%
Published: 2024-03-14
Updated: 2024-03-19
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564.
Source: IBM Corporation
Max CVSS: 6.5
EPSS Score: 0.04%
Published: 2024-03-14
Updated: 2024-03-19