Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49348 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-08-12 | N/A | 4.3 MEDIUM |
|
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2
allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context.
|
|||||
| CVE-2024-52364 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-08-12 | N/A | 5.4 MEDIUM |
|
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2024-52365 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-08-12 | N/A | 6.4 MEDIUM |
|
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2
is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-36097 | 1 Ibm | 1 Websphere Application Server | 2025-08-11 | N/A | 7.5 HIGH |
|
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to consume excessive memory resources.
|
|||||
| CVE-2025-33109 | 1 Ibm | 1 I | 2025-08-11 | N/A | 7.5 HIGH |
|
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions.
|
|||||
| CVE-2025-33020 | 1 Ibm | 1 Engineering Systems Design Rhapsody | 2025-08-11 | N/A | 5.9 MEDIUM |
|
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.
|
|||||
| CVE-2025-1411 | 1 Ibm | 1 Security Verify Directory | 2025-08-11 | N/A | 7.8 HIGH |
|
IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges.
|
|||||
| CVE-2024-37071 | 1 Ibm | 1 Db2 | 2025-08-09 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.
|
|||||
| CVE-2023-50956 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-09 | N/A | 4.4 MEDIUM |
|
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.
|
|||||
| CVE-2025-0161 | 1 Ibm | 1 Security Verify Access | 2025-08-08 | N/A | 7.8 HIGH |
|
IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.
|
|||||
| CVE-2025-0719 | 1 Ibm | 1 Cloud Pak For Data | 2025-08-08 | N/A | 6.1 MEDIUM |
|
IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2024-41778 | 1 Ibm | 1 Controller | 2025-08-08 | N/A | 5.3 MEDIUM |
|
IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
|
|||||
| CVE-2024-45650 | 1 Ibm | 1 Security Verify Directory | 2025-08-08 | N/A | 7.5 HIGH |
|
IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation.
|
|||||
| CVE-2024-45658 | 1 Ibm | 1 Security Verify Access | 2025-08-08 | N/A | 2.7 LOW |
|
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
|
|||||
| CVE-2024-49814 | 1 Ibm | 1 Security Verify Access | 2025-08-08 | N/A | 7.8 HIGH |
|
IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges.
|
|||||
| CVE-2024-51450 | 1 Ibm | 1 Security Verify Directory | 2025-08-08 | N/A | 9.1 CRITICAL |
|
IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
|
|||||
| CVE-2024-45663 | 1 Ibm | 1 Db2 | 2025-08-08 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
|
|||||
| CVE-2024-49351 | 1 Ibm | 1 Workload Scheduler | 2025-08-08 | N/A | 5.5 MEDIUM |
|
IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user.
|
|||||
| CVE-2024-47119 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-08 | N/A | 5.9 MEDIUM |
|
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.
|
|||||
| CVE-2024-52361 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-08 | N/A | 5.7 MEDIUM |
|
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
stores user credentials in plain text which can be read by an authenticated user with access to the pod.
|
|||||
| CVE-2024-49354 | 1 Ibm | 1 Concert | 2025-08-08 | N/A | 5.3 MEDIUM |
|
IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls.
|
|||||
| CVE-2024-47106 | 1 Ibm | 1 Jazz For Service Management | 2025-08-08 | N/A | 5.3 MEDIUM |
|
IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system.
|
|||||
| CVE-2023-46175 | 1 Ibm | 1 Cloud Pak For Multicloud Management Monitoring | 2025-08-08 | N/A | 4.4 MEDIUM |
|
IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user.
|
|||||
| CVE-2023-47726 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-08 | N/A | 7.1 HIGH |
|
IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087.
|
|||||
| CVE-2025-33076 | 1 Ibm | 1 Engineering Systems Design Rhapsody | 2025-08-07 | N/A | 8.8 HIGH |
|
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
|
|||||
| CVE-2025-33077 | 1 Ibm | 1 Engineering Systems Design Rhapsody | 2025-08-07 | N/A | 8.8 HIGH |
|
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
|
|||||
| CVE-2025-36116 | 1 Ibm | 1 Db2 Mirror For I | 2025-08-07 | N/A | 6.3 MEDIUM |
|
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.
|
|||||
| CVE-2025-36117 | 1 Ibm | 1 Db2 Mirror For I | 2025-08-07 | N/A | 6.3 MEDIUM |
|
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.
|
|||||
| CVE-2025-33097 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-08-07 | N/A | 6.4 MEDIUM |
|
IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-36107 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-08-07 | N/A | 5.9 MEDIUM |
|
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data.
|
|||||
| CVE-2025-36057 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-08-07 | N/A | 5.2 MEDIUM |
|
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22
is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.
|
|||||
| CVE-2025-36062 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-08-07 | N/A | 5.9 MEDIUM |
|
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22
could be vulnerable to information exposure due to the use of unencrypted network traffic.
|
|||||
| CVE-2025-36106 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-08-07 | N/A | 6.5 MEDIUM |
|
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library at runtime.
|
|||||
| CVE-2025-36071 | 1 Ibm | 1 Db2 | 2025-08-07 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release of memory resources.
|
|||||
| CVE-2024-52894 | 1 Ibm | 1 Db2 | 2025-08-07 | N/A | 4.9 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
|
|||||
| CVE-2024-41751 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2025-08-06 | N/A | 5.5 MEDIUM |
|
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local, authenticated attacker to bypass client-side enforcement of security to manipulate data.
|
|||||
| CVE-2024-41750 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2025-08-06 | N/A | 5.5 MEDIUM |
|
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local, authenticated attacker to bypass client-side enforcement of security to manipulate data.
|
|||||
| CVE-2024-40686 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2025-08-06 | N/A | 5.4 MEDIUM |
|
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
|
|||||
| CVE-2024-40682 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2025-08-06 | N/A | 6.2 MEDIUM |
|
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local user to cause a denial of service due to improper validation of specified type of input.
|
|||||
| CVE-2025-33114 | 1 Ibm | 1 Db2 | 2025-08-06 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2
is vulnerable to denial of service with a specially crafted query under certain non-default conditions.
|
|||||