U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:ibm:aix:-:*:*:*:*:*:x86:*
  • CPE Name Search: true
There are 332 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2023-26283

IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416.

Published: April 02, 2023; 5:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-26281

IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296.

Published: March 01, 2023; 3:15:14 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-43578

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238683.

Published: February 22, 2023; 1:15:10 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-25928

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247646.

Published: February 21, 2023; 9:15:13 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-24960

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333

Published: February 17, 2023; 2:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-43579

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684.

Published: February 17, 2023; 2:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-40231

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 235533.

Published: February 17, 2023; 2:15:11 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-40232

IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597.

Published: February 17, 2023; 1:15:11 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-24964

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463.

Published: February 17, 2023; 12:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-43929

IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.

Published: February 17, 2023; 12:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-43927

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.

Published: February 17, 2023; 12:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-42444

IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538.

Published: February 11, 2023; 11:15:15 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-42436

IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.

Published: February 11, 2023; 11:15:15 PM -0500
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2023-23475

IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423.

Published: February 08, 2023; 2:15:11 PM -0500
V3.1: 4.6 MEDIUM
V2.0:(not available)
CVE-2022-35720

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.

Published: February 08, 2023; 2:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-34362

IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523.

Published: February 08, 2023; 2:15:11 PM -0500
V3.1: 4.6 MEDIUM
V2.0:(not available)
CVE-2022-42439

IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.

Published: February 06, 2023; 4:15:09 PM -0500
V3.1: 4.9 MEDIUM
V2.0:(not available)
CVE-2023-23477

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.

Published: February 03, 2023; 2:15:13 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-47983

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161.

Published: February 01, 2023; 1:15:10 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-43917

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.

Published: January 26, 2023; 4:17:49 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)