Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:x86:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-47141 |
IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264. Published: January 22, 2024; 4:15:09 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-47747 |
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646. Published: January 22, 2024; 3:15:47 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-47158 |
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750. Published: January 22, 2024; 3:15:47 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-47152 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730. Published: January 22, 2024; 3:15:46 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-27859 |
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205. Published: January 22, 2024; 3:15:46 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-50308 |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. Published: January 22, 2024; 2:15:09 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-47746 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. Published: January 22, 2024; 2:15:08 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-45193 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. Published: January 22, 2024; 2:15:08 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-35020 |
IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874. Published: January 18, 2024; 8:15:08 PM -0500 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-28513 |
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. Published: July 18, 2023; 10:15:09 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-42436 |
IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. Published: February 11, 2023; 11:15:15 PM -0500 |
V3.1: 3.3 LOW V2.0:(not available) |
CVE-2022-35720 |
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. Published: February 08, 2023; 2:15:11 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-34362 |
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. Published: February 08, 2023; 2:15:11 PM -0500 |
V3.1: 4.6 MEDIUM V2.0:(not available) |
CVE-2022-43875 |
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. Published: December 20, 2022; 2:15:25 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-43872 |
IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708. Published: December 20, 2022; 2:15:24 PM -0500 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2022-34361 |
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. Published: December 06, 2022; 1:15:10 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-31772 |
IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. Published: November 11, 2022; 2:15:10 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2021-29841 |
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. Published: September 14, 2021; 10:15:10 AM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2021-29728 |
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160. Published: August 30, 2021; 1:15:07 PM -0400 |
V3.1: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2021-29723 |
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. Published: August 30, 2021; 1:15:07 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |