Ibm: Security Vulnerabilities
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994.
CVSS Score
7.7
EPSS Score
0.0
Published
2024-06-19
IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. IBM X-Force ID: 285203.
CVSS Score
7.4
EPSS Score
0.0
Published
2024-06-15
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-06-15
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-06-13
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-06-13
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-06-12
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-06-12
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-06-12
IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 268751.
CVSS Score
6.5
EPSS Score
0.004
Published
2024-06-09
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-06-07