Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-23227 | 3 Ibm, Linux, Microsoft | 4 Aix, Tivoli Application Dependency Discovery Manager, Linux Kernel and 1 more | 2025-08-15 | N/A | 6.4 MEDIUM |
|
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2024-54176 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-15 | N/A | 4.3 MEDIUM |
|
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
|
|||||
| CVE-2025-36034 | 1 Ibm | 1 Infosphere Information Server | 2025-08-14 | N/A | 5.3 MEDIUM |
|
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.
|
|||||
| CVE-2024-56339 | 1 Ibm | 1 Websphere Application Server | 2025-08-14 | N/A | 3.7 LOW |
|
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.
|
|||||
| CVE-2023-38264 | 1 Ibm | 1 Java Software Development Kit | 2025-08-14 | N/A | 5.9 MEDIUM |
|
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578.
|
|||||
| CVE-2024-51461 | 1 Ibm | 1 Qradar Wincollect | 2025-08-14 | N/A | 4.3 MEDIUM |
|
IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.
|
|||||
| CVE-2024-22338 | 1 Ibm | 1 Security Verify Access Oidc Provider | 2025-08-14 | N/A | 4.0 MEDIUM |
|
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.
|
|||||
| CVE-2025-1998 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-14 | N/A | 5.5 MEDIUM |
|
IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1
stores potentially sensitive authentication token information in log files that could be read by a local user.
|
|||||
| CVE-2024-49822 | 1 Ibm | 1 Qradar Advisor | 2025-08-14 | N/A | 4.1 MEDIUM |
|
IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
|
|||||
| CVE-2024-38325 | 1 Ibm | 1 Storage Defender | 2025-08-14 | N/A | 5.9 MEDIUM |
|
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI
could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
|
|||||
| CVE-2024-31906 | 1 Ibm | 1 Automation Decision Services | 2025-08-14 | N/A | 6.2 MEDIUM |
|
IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system.
|
|||||
| CVE-2024-41739 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2025-08-14 | N/A | 8.8 HIGH |
|
IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.
|
|||||
| CVE-2024-28787 | 1 Ibm | 2 Application Gateway, Security Verify Access | 2025-08-14 | N/A | 8.7 HIGH |
|
IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.
|
|||||
| CVE-2024-28782 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-14 | N/A | 6.3 MEDIUM |
|
IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.
|
|||||
| CVE-2025-33118 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-08-14 | N/A | 6.4 MEDIUM |
|
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-2824 | 1 Ibm | 1 Operational Decision Manager | 2025-08-14 | N/A | 7.4 HIGH |
|
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the vict ...
Show More |
|||||
| CVE-2024-38335 | 1 Ibm | 1 Qradar Network Threat Analytics | 2025-08-14 | N/A | 4.5 MEDIUM |
|
IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources.
|
|||||
| CVE-2025-2670 | 1 Ibm | 1 Openpages | 2025-08-14 | N/A | 4.3 MEDIUM |
|
IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and internal state.
|
|||||
| CVE-2024-41746 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2025-08-14 | N/A | 7.2 HIGH |
|
IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2024-45662 | 1 Ibm | 1 Safer Payments | 2025-08-14 | N/A | 7.5 HIGH |
|
IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources.
|
|||||
| CVE-2024-22348 | 1 Ibm | 2 Devops Velocity, Urbancode Velocity | 2025-08-14 | N/A | 5.3 MEDIUM |
|
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
|
|||||
| CVE-2024-45672 | 1 Ibm | 1 Security Verify Bridge | 2025-08-14 | N/A | 6.0 MEDIUM |
|
IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. which could also cause a denial of service.
|
|||||
| CVE-2024-45077 | 1 Ibm | 1 Maximo Asset Management | 2025-08-14 | N/A | 6.5 MEDIUM |
|
IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system.
|
|||||
| CVE-2024-56469 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-14 | N/A | 6.3 MEDIUM |
|
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
|
|||||
| CVE-2024-52890 | 1 Ibm | 1 Engineering Lifecycle Optimization | 2025-08-14 | N/A | 6.1 MEDIUM |
|
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs.
|
|||||
| CVE-2023-38012 | 1 Ibm | 1 Cloud Pak System | 2025-08-14 | N/A | 5.3 MEDIUM |
|
IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
|
|||||
| CVE-2025-1838 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-08-14 | N/A | 6.5 MEDIUM |
|
IBM Cloud Pak for Business Automation
24.0.0 and 24.0.1 through 24.0.1 IF001
Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service.
|
|||||
| CVE-2025-1495 | 1 Ibm | 1 Business Automation Workflow | 2025-08-14 | N/A | 4.3 MEDIUM |
|
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.
|
|||||
| CVE-2024-41753 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-08-14 | N/A | 6.1 MEDIUM |
|
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-36000 | 1 Ibm | 1 Websphere Application Server | 2025-08-14 | N/A | 4.4 MEDIUM |
|
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8
is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2024-22349 | 1 Ibm | 2 Devops Velocity, Urbancode Velocity | 2025-08-14 | N/A | 4.0 MEDIUM |
|
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.
|
|||||
| CVE-2025-36124 | 1 Ibm | 1 Websphere Application Server | 2025-08-14 | N/A | 5.9 MEDIUM |
|
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration
|
|||||
| CVE-2024-22347 | 1 Ibm | 2 Devops Velocity, Urbancode Velocity | 2025-08-14 | N/A | 5.9 MEDIUM |
|
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
|||||
| CVE-2024-51462 | 1 Ibm | 1 Qradar Wincollect | 2025-08-14 | N/A | 4.0 MEDIUM |
|
IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data.
|
|||||
| CVE-2024-51465 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2025-08-14 | N/A | 8.8 HIGH |
|
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
|
|||||
| CVE-2025-1950 | 1 Ibm | 1 Hardware Management Console | 2025-08-14 | N/A | 9.3 CRITICAL |
|
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
|
|||||
| CVE-2023-38007 | 1 Ibm | 1 Cloud Pak System | 2025-08-14 | N/A | 5.4 MEDIUM |
|
IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
|
|||||
| CVE-2025-1991 | 1 Ibm | 1 Informix Dynamic Server | 2025-08-14 | N/A | 7.5 HIGH |
|
IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.
|
|||||
| CVE-2025-2895 | 1 Ibm | 1 Cloud Pak System | 2025-08-14 | N/A | 5.4 MEDIUM |
|
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
|
|||||
| CVE-2025-1351 | 1 Ibm | 1 Storage Virtualize | 2025-08-14 | N/A | 6.7 MEDIUM |
|
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
|
|||||