Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-33092 | 1 Ibm | 1 Db2 | 2025-08-06 | N/A | 7.8 HIGH |
|
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2
is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
|
|||||
| CVE-2025-36010 | 1 Ibm | 1 Db2 | 2025-08-06 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2
could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.
|
|||||
| CVE-2025-2533 | 1 Ibm | 1 Db2 | 2025-08-06 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
|
|||||
| CVE-2024-49342 | 1 Ibm | 1 Informix Dynamic Server | 2025-08-06 | N/A | 7.5 HIGH |
|
IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
|
|||||
| CVE-2024-49343 | 1 Ibm | 1 Informix Dynamic Server | 2025-08-06 | N/A | 5.4 MEDIUM |
|
IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
|
|||||
| CVE-2025-36039 | 1 Ibm | 1 Aspera Faspex | 2025-08-06 | N/A | 6.5 MEDIUM |
|
IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,
|
|||||
| CVE-2025-36040 | 1 Ibm | 1 Aspera Faspex | 2025-08-06 | N/A | 6.5 MEDIUM |
|
IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms.
|
|||||
| CVE-2023-38002 | 1 Ibm | 1 Storage Scale | 2025-08-04 | N/A | 5.0 MEDIUM |
|
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.
|
|||||
| CVE-2024-52899 | 1 Ibm | 1 Data Virtualization Manager For Z\/os | 2025-08-04 | N/A | 8.5 HIGH |
|
IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server.
|
|||||
| CVE-2025-33014 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-02 | N/A | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.
|
|||||
| CVE-2025-2793 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-02 | N/A | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway
6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4
is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-2827 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling File Gateway, Linux Kernel and 1 more | 2025-08-02 | N/A | 4.3 MEDIUM |
|
IBM Sterling File Gateway
6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4
could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.
|
|||||
| CVE-2025-3630 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-02 | N/A | 6.4 MEDIUM |
|
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway
6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4
is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-0895 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-07-31 | N/A | 2.4 LOW |
|
IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages.
|
|||||
| CVE-2024-55907 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-07-30 | N/A | 2.0 LOW |
|
IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation.
|
|||||
| CVE-2021-39081 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-07-29 | N/A | 5.9 MEDIUM |
|
IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
|||||
| CVE-2024-27260 | 1 Ibm | 2 Aix, Vios | 2025-07-29 | N/A | 8.4 HIGH |
|
IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.
|
|||||
| CVE-2024-52906 | 1 Ibm | 2 Aix, Vios | 2025-07-25 | N/A | 5.5 MEDIUM |
|
IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1
could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service.
|
|||||
| CVE-2023-33855 | 2 Ibm, Linux | 4 Aix, Common Cryptographic Architecture, I and 1 more | 2025-07-25 | N/A | 3.7 LOW |
|
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.
|
|||||
| CVE-2024-47107 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-07-25 | N/A | 6.4 MEDIUM |
|
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2023-47150 | 2 Ibm, Linux | 4 Aix, Common Cryptographic Architecture, I and 1 more | 2025-07-25 | N/A | 7.5 HIGH |
|
IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.
|
|||||
| CVE-2024-27269 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-07-25 | N/A | 6.8 MEDIUM |
|
IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575.
|
|||||
| CVE-2024-31892 | 2 Ibm, Linux | 2 Storage Scale, Linux Kernel | 2025-07-25 | N/A | 7.5 HIGH |
|
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.
|
|||||
| CVE-2024-31891 | 2 Ibm, Linux | 2 Storage Scale, Linux Kernel | 2025-07-25 | N/A | 7.8 HIGH |
|
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1
contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system.
|
|||||
| CVE-2024-38337 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2025-07-25 | N/A | 9.1 CRITICAL |
|
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments.
|
|||||
| CVE-2024-41783 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2025-07-25 | N/A | 9.1 CRITICAL |
|
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input.
|
|||||
| CVE-2023-47160 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-25 | N/A | 8.2 HIGH |
|
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0
is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
|
|||||
| CVE-2024-45081 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-25 | N/A | 6.5 MEDIUM |
|
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0
could allow an authenticated user to modify restricted content due to incorrect authorization checks.
|
|||||
| CVE-2024-28780 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-25 | N/A | 5.9 MEDIUM |
|
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client
uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
|||||
| CVE-2024-28777 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-25 | N/A | 8.8 HIGH |
|
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0
is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application.
|
|||||
| CVE-2024-28776 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-25 | N/A | 5.4 MEDIUM |
|
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0
is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2024-52902 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-25 | N/A | 8.8 HIGH |
|
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system.
|
|||||
| CVE-2025-33112 | 1 Ibm | 2 Aix, Vios | 2025-07-25 | N/A | 8.4 HIGH |
|
IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input.
|
|||||
| CVE-2024-28786 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-07-25 | N/A | 6.5 MEDIUM |
|
IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques.
|
|||||
| CVE-2024-35134 | 1 Ibm | 1 Analytics Content Hub | 2025-07-25 | N/A | 5.3 MEDIUM |
|
IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
|
|||||
| CVE-2024-56347 | 1 Ibm | 1 Aix | 2025-07-25 | N/A | 9.6 CRITICAL |
|
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls.
|
|||||
| CVE-2024-56346 | 1 Ibm | 1 Aix | 2025-07-25 | N/A | 10.0 CRITICAL |
|
IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.
|
|||||
| CVE-2024-49823 | 2 Ibm, Linux | 4 Aix, Common Cryptographic Architecture, I and 1 more | 2025-07-25 | N/A | 6.5 MEDIUM |
|
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests.
|
|||||
| CVE-2024-41760 | 2 Ibm, Linux | 4 Aix, Common Cryptographic Architecture, I and 1 more | 2025-07-25 | N/A | 3.7 LOW |
|
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.
|
|||||
| CVE-2024-22340 | 2 Ibm, Linux | 4 Aix, Common Cryptographic Architecture, I and 1 more | 2025-07-25 | N/A | 6.5 MEDIUM |
|
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack.
|
|||||