IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 247599.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-02-29
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247621.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-02-28
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632.
CVSS Score
8.5
EPSS Score
0.001
Published
2024-02-28
IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320.
CVSS Score
8.4
EPSS Score
0.001
Published
2024-02-22
IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-01-22
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server)
10.5, 11.1 and 11.5
could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-01-22
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-01-22
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-01-22
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-01-22
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-01-22