Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 52 ms.

CVE-2022-43867: Security Bulletin: A vulnerability in IBM Spectrum Scale could allow a local attacker to execute arbitrary commands (CVE-2022-43867)

IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.

CVE
Open in Source
#vulnerability#linux#ibm
CVE-2022-40228: IBM DataPower Gateway does not invalidate active sessions on a password change (CVE-2022-40228)

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527.

CVE-2022-41732: IBM Maximo Mobile is vulnerable to Information Disclosure (CVE-2022-41732)

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.

CVE-2023-30444: Security Bulletin: IBM Watson Machine Learning on Cloud Pak for Data is affected by SSRF vulnerability (CVE-2023-30444)

IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350.

CVE-2023-26285: Security Bulletin: IBM MQ Appliance could allow a remote attacker to cause a denial of service (CVE-2023-26285)

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.

CVE-2023-29260: Express for UNIX is vulnerable to server-side request forgery (SSRF)

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.

CVE-2023-28953: Security Bulletin: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.7.0 has addressed a security vulnerability (CVE-2023-28953)

IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. IBM X-Force ID: 251465.

CVE-2023-26274: Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting (XSS) (CVE-2023-26274)

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144.

CVE-2023-25682: Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure (CVE-2023-25682)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034.

CVE-2023-38732: IBM Robotic Process Automation is vulnerable to exposure of sensitive information in application logs (CVE-2023-38732)

IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.