| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2023-27290 | 306 | | | 2023-03-03 | 2023-03-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737. |
| 2 | CVE-2023-26284 | | | | 2023-03-15 | 2023-03-19 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417. |
| 3 | CVE-2023-25680 | | | | 2023-03-15 | 2023-03-19 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032. |
| 4 | CVE-2023-24975 | 20 | | XSS | 2023-03-10 | 2023-03-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030. |
| 5 | CVE-2023-23469 | | | | 2023-02-01 | 2023-02-09 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504. |
| 6 | CVE-2023-22876 | | | +Priv +Info | 2023-03-15 | 2023-03-19 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364. |
| 7 | CVE-2023-22860 | 79 | | XSS | 2023-02-27 | 2023-03-07 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100. |
| 8 | CVE-2023-22591 | 613 | | | 2023-03-15 | 2023-03-19 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens not being invalidated after a password reset. IBM X-Force ID: 243710. |
| 9 | CVE-2022-47990 | 120 | | DoS Exec Code Overflow | 2023-01-18 | 2023-01-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556. |
| 10 | CVE-2022-46773 | 287 | | Bypass | 2023-03-15 | 2023-03-19 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951. |
| 11 | CVE-2022-46771 | 79 | | XSS | 2022-12-20 | 2022-12-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273. |
| 12 | CVE-2022-43923 | 532 | | | 2023-02-24 | 2023-03-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584. |
| 13 | CVE-2022-43920 | | | +Priv | 2023-01-04 | 2023-01-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362. |
| 14 | CVE-2022-43902 | | | DoS | 2023-03-10 | 2023-03-15 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832. |
| 15 | CVE-2022-43901 | 668 | | | 2022-12-01 | 2022-12-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829. |
| 16 | CVE-2022-43900 | 287 | | | 2022-12-01 | 2022-12-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827. |
| 17 | CVE-2022-43887 | 532 | | Bypass | 2022-12-19 | 2022-12-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450. |
| 18 | CVE-2022-43883 | 74 | | | 2022-12-19 | 2022-12-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266. |
| 19 | CVE-2022-43874 | 79 | | XSS | 2023-03-15 | 2023-03-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963. |
| 20 | CVE-2022-43873 | | | Exec Code | 2023-02-22 | 2023-03-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847. |
| 21 | CVE-2022-43870 | 532 | | | 2023-02-22 | 2023-03-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540. |
| 22 | CVE-2022-43864 | 22 | | Dir. Trav. | 2023-01-26 | 2023-02-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427. |
| 23 | CVE-2022-43860 | 89 | | Sql +Info | 2022-12-24 | 2022-12-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305. |
| 24 | CVE-2022-43859 | 89 | | Sql +Info | 2022-12-22 | 2022-12-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304. |
| 25 | CVE-2022-43858 | 22 | | Dir. Trav. Bypass | 2022-12-22 | 2022-12-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface. IBM X-Force ID: 239303. |
| 26 | CVE-2022-43857 | 22 | | Dir. Trav. Bypass | 2022-12-22 | 2022-12-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301. |
| 27 | CVE-2022-43849 | | | DoS | 2022-12-23 | 2022-12-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170. |
| 28 | CVE-2022-43848 | | | DoS | 2022-12-23 | 2023-01-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169. |
| 29 | CVE-2022-43581 | 119 | | Exec Code Overflow | 2022-12-07 | 2022-12-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805. |
| 30 | CVE-2022-43574 | 276 | | | 2022-11-03 | 2022-11-04 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679. |
| 31 | CVE-2022-43382 | | | DoS | 2022-12-20 | 2022-12-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 238641. |
| 32 | CVE-2022-43381 | | | DoS | 2022-12-23 | 2022-12-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639. |
| 33 | CVE-2022-43380 | | | DoS | 2022-12-23 | 2022-12-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. IBM X-Force ID: 238640. |
| 34 | CVE-2022-42435 | 352 | | CSRF | 2023-01-04 | 2023-01-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054. |
| 35 | CVE-2022-41735 | 79 | | XSS | 2022-12-07 | 2022-12-09 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, and 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687. |
| 36 | CVE-2022-41734 | 312 | | +Info | 2023-02-17 | 2023-03-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587. |
| 37 | CVE-2022-41732 | 522 | | | 2022-11-28 | 2022-12-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407. |
| 38 | CVE-2022-41299 | 79 | | XSS | 2022-12-09 | 2022-12-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214. |
| 39 | CVE-2022-41297 | 352 | | CSRF | 2022-12-01 | 2022-12-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212. |
| 40 | CVE-2022-41296 | 352 | | CSRF | 2022-12-12 | 2022-12-14 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210. |
| 41 | CVE-2022-41290 | 269 | | | 2022-12-23 | 2022-12-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690. |
| 42 | CVE-2022-40751 | 522 | | | 2022-11-17 | 2022-11-18 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges, including "Manage Security" permissions, to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601. |
| 43 | CVE-2022-40616 | 287 | | Bypass +Info | 2022-09-21 | 2022-09-22 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311. |
| 44 | CVE-2022-40608 | 22 | | Dir. Trav. | 2022-09-19 | 2022-09-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873. |
| 45 | CVE-2022-40237 | 20 | | DoS | 2023-02-27 | 2023-03-07 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727. |
| 46 | CVE-2022-40234 | 668 | | +Info | 2022-09-19 | 2022-09-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718. |
| 47 | CVE-2022-40233 | | | DoS | 2022-12-23 | 2022-12-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599. |
| 48 | CVE-2022-40230 | 613 | | | 2022-11-03 | 2022-11-04 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532. |
| 49 | CVE-2022-40228 | 613 | | | 2022-11-22 | 2022-11-26 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527. |
| 50 | CVE-2022-39168 | 522 | | | 2022-09-29 | 2022-10-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. |