Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22314 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-19 | N/A | 5.9 MEDIUM |
|
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
|||||
| CVE-2024-22315 | 1 Ibm | 3 Storage Fusion, Storage Fusion Hci, Storage Fusion Hci For Watsonx | 2025-08-19 | N/A | 4.0 MEDIUM |
|
IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.
|
|||||
| CVE-2024-55896 | 1 Ibm | 1 I | 2025-08-19 | N/A | 5.4 MEDIUM |
|
IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system.
|
|||||
| CVE-2024-49785 | 1 Ibm | 2 Watsonx.ai, Watsonx.ai On Cloud Pak For Data | 2025-08-19 | N/A | 5.4 MEDIUM |
|
IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2024-31896 | 1 Ibm | 1 Spss Statistics | 2025-08-18 | N/A | 5.9 MEDIUM |
|
IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
|||||
| CVE-2025-0986 | 1 Ibm | 1 Powervm Hypervisor | 2025-08-18 | N/A | 4.5 MEDIUM |
|
IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration.
|
|||||
| CVE-2023-37405 | 1 Ibm | 2 Cloud Pak System, Cloud Pak System Software Suite | 2025-08-18 | N/A | 6.5 MEDIUM |
|
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.
|
|||||
| CVE-2024-45674 | 1 Ibm | 3 Security Verify Bridge Directory Sync, Security Verify Gateway For Radius, Security Verify Gateway For Windows Login | 2025-08-18 | N/A | 3.3 LOW |
|
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11
stores potentially sensitive information in log files that could be read by a local user.
|
|||||
| CVE-2025-0159 | 1 Ibm | 1 Storage Virtualize | 2025-08-18 | N/A | 9.1 CRITICAL |
|
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
|
|||||
| CVE-2025-0160 | 1 Ibm | 1 Storage Virtualize | 2025-08-18 | N/A | 8.1 HIGH |
|
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
|
|||||
| CVE-2024-54179 | 1 Ibm | 1 Business Automation Workflow | 2025-08-18 | N/A | 5.4 MEDIUM |
|
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-2000 | 1 Ibm | 1 Qiskit | 2025-08-18 | N/A | 9.8 CRITICAL |
|
A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload.
|
|||||
| CVE-2024-27256 | 1 Ibm | 2 Mq Operator, Supplied Mq Advanced Container Images | 2025-08-18 | N/A | 5.9 MEDIUM |
|
IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
|||||
| CVE-2024-56477 | 1 Ibm | 1 Power Hardware Management Console | 2025-08-18 | N/A | 6.5 MEDIUM |
|
IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
|
|||||
| CVE-2024-55904 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-18 | N/A | 7.2 HIGH |
|
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
|
|||||
| CVE-2024-37526 | 1 Ibm | 2 Data Virtualization On Cloud Pak For Data, Watson Query With Cloud Pak For Data | 2025-08-18 | N/A | 6.5 MEDIUM |
|
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
|
|||||
| CVE-2024-38320 | 6 Apple, Hp, Ibm and 3 more | 8 Macos, Hp-ux, Aix and 5 more | 2025-08-18 | N/A | 5.9 MEDIUM |
|
IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
|||||
| CVE-2025-33142 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-08-18 | N/A | 5.3 MEDIUM |
|
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.
|
|||||
| CVE-2023-46187 | 1 Ibm | 1 Infosphere Master Data Management | 2025-08-18 | N/A | 5.4 MEDIUM |
|
IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2023-38009 | 3 Apple, Google, Ibm | 3 Iphone Os, Android, Cognos Analytics | 2025-08-18 | N/A | 4.2 MEDIUM |
|
IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.
|
|||||
| CVE-2024-51457 | 1 Ibm | 1 Robotic Process Automation For Cloud Pak | 2025-08-18 | N/A | 4.4 MEDIUM |
|
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2024-45652 | 1 Ibm | 1 Maximo Asset Management | 2025-08-18 | N/A | 6.5 MEDIUM |
|
IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
|
|||||
| CVE-2024-49824 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak | 2025-08-18 | N/A | 6.5 MEDIUM |
|
IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18
could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.
|
|||||
| CVE-2024-47113 | 1 Ibm | 1 Voice Gateway | 2025-08-18 | N/A | 8.1 HIGH |
|
IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document.
|
|||||
| CVE-2024-27273 | 1 Ibm | 2 Aix, Vios | 2025-08-18 | N/A | 8.1 HIGH |
|
IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903.
|
|||||
| CVE-2023-42005 | 1 Ibm | 3 Cloud Pak For Data, Db2, Db2 Warehouse | 2025-08-18 | N/A | 7.4 HIGH |
|
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.
|
|||||
| CVE-2023-38272 | 1 Ibm | 1 Cloud Pak System | 2025-08-18 | N/A | 5.9 MEDIUM |
|
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1
could allow a user with access to the network to obtain sensitive information from CLI arguments.
|
|||||
| CVE-2023-43029 | 1 Ibm | 1 Storage Virtualize Plugin For Vsphere | 2025-08-17 | N/A | 6.8 MEDIUM |
|
IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment.
|
|||||
| CVE-2023-47716 | 1 Ibm | 2 Cp4ba - Filenet Content Manager, Filenet Content Manager | 2025-08-15 | N/A | 6.3 MEDIUM |
|
IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances. IBM X-Force ID: 271656.
|
|||||
| CVE-2023-43043 | 1 Ibm | 2 Enterprise Asset Management, Maximo Mobile For Eam | 2025-08-15 | N/A | 5.1 MEDIUM |
|
IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875.
|
|||||
| CVE-2024-47117 | 1 Ibm | 1 Carbon Charts | 2025-08-15 | N/A | 5.4 MEDIUM |
|
IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2024-51470 | 1 Ibm | 2 Mq Appliance, Mq For Hpe Nonstop | 2025-08-15 | N/A | 6.5 MEDIUM |
|
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
|
|||||
| CVE-2024-28767 | 1 Ibm | 1 Security Directory Integrator | 2025-08-15 | N/A | 6.8 MEDIUM |
|
IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
|
|||||
| CVE-2025-36023 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-08-15 | N/A | 6.5 MEDIUM |
|
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.
|
|||||
| CVE-2025-36119 | 1 Ibm | 1 I | 2025-08-15 | N/A | 7.1 HIGH |
|
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator.
|
|||||
| CVE-2024-41779 | 1 Ibm | 1 Engineering Systems Design Rhapsody | 2025-08-15 | N/A | 9.8 CRITICAL |
|
IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.
|
|||||
| CVE-2024-41781 | 1 Ibm | 9 Power System E950, Power System E980, Power System H922 and 6 more | 2025-08-15 | N/A | 5.1 MEDIUM |
|
IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore.
|
|||||
| CVE-2024-49353 | 1 Ibm | 1 Watson Assistant For Ibm Cloud Pak For Data | 2025-08-15 | N/A | 7.5 HIGH |
|
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash.
|
|||||
| CVE-2024-40681 | 1 Ibm | 2 Mq Operator, Supplied Mq Advanced Container Images | 2025-08-15 | N/A | 7.5 HIGH |
|
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
|
|||||
| CVE-2024-43191 | 1 Ibm | 1 Cloud Pak For Multicloud Management Monitoring | 2025-08-15 | N/A | 7.2 HIGH |
|
IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.
|
|||||