U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:ibm:aix:-:*:*:*:*:*:x86:*
  • CPE Name Search: true
There are 332 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2022-34330

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229469.

Published: January 05, 2023; 2:15:09 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-22371

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195.

Published: January 05, 2023; 2:15:09 AM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-35646

IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096.  

Published: December 22, 2022; 3:15:34 PM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2022-38391

IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.

Published: December 20, 2022; 4:15:10 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-43875

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034.

Published: December 20, 2022; 2:15:25 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-43872

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.

Published: December 20, 2022; 2:15:24 PM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2022-34361

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.

Published: December 06, 2022; 1:15:10 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-40752

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID:  236687.

Published: November 16, 2022; 6:15:10 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40753

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236688.

Published: November 15, 2022; 4:15:38 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-40750

IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588.

Published: November 11, 2022; 2:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-31772

IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.

Published: November 11, 2022; 2:15:10 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-40747

"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584."

Published: November 03, 2022; 4:15:31 PM -0400
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2022-40235

"IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725."

Published: November 03, 2022; 4:15:31 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-38712

"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762."

Published: November 03, 2022; 4:15:29 PM -0400
V3.1: 5.9 MEDIUM
V2.0:(not available)
CVE-2022-35717

"IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-"Force ID: 231361.

Published: November 03, 2022; 4:15:29 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-35642

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592."

Published: November 03, 2022; 4:15:28 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-30615

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592.

Published: November 03, 2022; 4:15:28 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-30608

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295.

Published: November 03, 2022; 4:15:28 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-22442

"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427."

Published: November 03, 2022; 4:15:25 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-22425

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598."

Published: November 03, 2022; 4:15:25 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)