CVEdetails.com the ultimate security vulnerability data source

IBM : Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-47990 120 DoS Exec Code Overflow 2023-01-18 2023-01-25
0.0
None ??? ??? ??? ??? ??? ???
IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556.
2 CVE-2022-46771 79 XSS 2022-12-20 2022-12-27
0.0
None ??? ??? ??? ??? ??? ???
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.
3 CVE-2022-44755 787 Exec Code Overflow 2022-12-19 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM.
4 CVE-2022-44754 787 Exec Code Overflow 2022-12-19 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. This vulnerability applies to software previously licensed by IBM.
5 CVE-2022-44753 787 Exec Code Overflow 2022-12-19 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM.
6 CVE-2022-44752 787 Exec Code Overflow 2022-12-19 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM.
7 CVE-2022-44751 787 Exec Code Overflow 2022-12-19 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. This vulnerability applies to software previously licensed by IBM.
8 CVE-2022-44750 787 Exec Code Overflow 2022-12-19 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754. This vulnerability applies to software previously licensed by IBM.
9 CVE-2022-43920 +Priv 2023-01-04 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362.
10 CVE-2022-43901 668 2022-12-01 2022-12-06
0.0
None ??? ??? ??? ??? ??? ???
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.
11 CVE-2022-43900 287 2022-12-01 2022-12-06
0.0
None ??? ??? ??? ??? ??? ???
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827.
12 CVE-2022-43887 532 Bypass 2022-12-19 2022-12-23
0.0
None ??? ??? ??? ??? ??? ???
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.
13 CVE-2022-43883 74 2022-12-19 2022-12-23
0.0
None ??? ??? ??? ??? ??? ???
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.
14 CVE-2022-43864 22 Dir. Trav. 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.
15 CVE-2022-43860 89 Sql +Info 2022-12-24 2022-12-31
0.0
None ??? ??? ??? ??? ??? ???
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.
16 CVE-2022-43859 89 Sql +Info 2022-12-22 2022-12-28
0.0
None ??? ??? ??? ??? ??? ???
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304.
17 CVE-2022-43858 22 Dir. Trav. Bypass 2022-12-22 2022-12-28
0.0
None ??? ??? ??? ??? ??? ???
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface. IBM X-Force ID: 239303.
18 CVE-2022-43857 22 Dir. Trav. Bypass 2022-12-22 2022-12-28
0.0
None ??? ??? ??? ??? ??? ???
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301.
19 CVE-2022-43849 DoS 2022-12-23 2022-12-31
0.0
None ??? ??? ??? ??? ??? ???
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170.
20 CVE-2022-43848 DoS 2022-12-23 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169.
21 CVE-2022-43581 119 Exec Code Overflow 2022-12-07 2022-12-10
0.0
None ??? ??? ??? ??? ??? ???
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.
22 CVE-2022-43574 276 2022-11-03 2022-11-04
0.0
None ??? ??? ??? ??? ??? ???
IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679.
23 CVE-2022-43382 DoS 2022-12-20 2022-12-24
0.0
None ??? ??? ??? ??? ??? ???
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 238641.
24 CVE-2022-43381 DoS 2022-12-23 2022-12-30
0.0
None ??? ??? ??? ??? ??? ???
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639.
25 CVE-2022-43380 DoS 2022-12-23 2022-12-30
0.0
None ??? ??? ??? ??? ??? ???
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. IBM X-Force ID: 238640.
26 CVE-2022-42435 352 CSRF 2023-01-04 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.
27 CVE-2022-41735 79 XSS 2022-12-07 2022-12-09
0.0
None ??? ??? ??? ??? ??? ???
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, and 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687.
28 CVE-2022-41732 522 2022-11-28 2022-12-01
0.0
None ??? ??? ??? ??? ??? ???
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.
29 CVE-2022-41299 79 XSS 2022-12-09 2022-12-12
0.0
None ??? ??? ??? ??? ??? ???
IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214.
30 CVE-2022-41297 352 CSRF 2022-12-01 2022-12-06
0.0
None ??? ??? ??? ??? ??? ???
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.
31 CVE-2022-41296 352 CSRF 2022-12-12 2022-12-14
0.0
None ??? ??? ??? ??? ??? ???
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.
32 CVE-2022-41290 269 2022-12-23 2022-12-31
0.0
None ??? ??? ??? ??? ??? ???
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690.
33 CVE-2022-40751 522 2022-11-17 2022-11-18
0.0
None ??? ??? ??? ??? ??? ???
IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601.
34 CVE-2022-40616 287 Bypass +Info 2022-09-21 2022-09-22
0.0
None ??? ??? ??? ??? ??? ???
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311.
35 CVE-2022-40608 22 Dir. Trav. 2022-09-19 2022-09-21
0.0
None ??? ??? ??? ??? ??? ???
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.
36 CVE-2022-40234 668 +Info 2022-09-19 2022-09-21
0.0
None ??? ??? ??? ??? ??? ???
Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718.
37 CVE-2022-40233 DoS 2022-12-23 2022-12-30
0.0
None ??? ??? ??? ??? ??? ???
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599.
38 CVE-2022-40230 613 2022-11-03 2022-11-04
0.0
None ??? ??? ??? ??? ??? ???
IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532.
39 CVE-2022-40228 613 2022-11-22 2022-11-26
0.0
None ??? ??? ??? ??? ??? ???
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527.
40 CVE-2022-39168 522 2022-09-29 2022-10-03
0.0
None ??? ??? ??? ??? ??? ???
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.
41 CVE-2022-39167 200 +Info 2023-01-19 2023-01-27
0.0
None ??? ??? ??? ??? ??? ???
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408.
42 CVE-2022-39166 +Info 2022-12-20 2022-12-24
0.0
None ??? ??? ??? ??? ??? ???
IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. IBM X-Force ID: 235405.
43 CVE-2022-39165 DoS 2022-12-23 2022-12-30
0.0
None ??? ??? ??? ??? ??? ???
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 235183.
44 CVE-2022-39164 DoS 2022-12-23 2022-12-31
0.0
None ??? ??? ??? ??? ??? ???
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 235181.
45 CVE-2022-39160 79 XSS 2022-12-19 2022-12-23
0.0
None ??? ??? ??? ??? ??? ???
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064.
46 CVE-2022-38708 918 2022-12-19 2022-12-23
0.0
None ??? ??? ??? ??? ??? ???
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180.
47 CVE-2022-38705 Bypass 2022-11-14 2022-11-16
0.0
None ??? ??? ??? ??? ??? ???
IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172.
48 CVE-2022-38390 79 XSS 2022-11-17 2022-11-18
0.0
None ??? ??? ??? ??? ??? ???
Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978.
49 CVE-2022-38388 863 +Info 2022-10-11 2022-10-13
0.0
None ??? ??? ??? ??? ??? ???
IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.
50 CVE-2022-36773 611 2022-09-01 2022-11-03
0.0
None ??? ??? ??? ??? ??? ???
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.
Total number of vulnerabilities: 5606. Page 1 of 113.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.