Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-36183 | 1 Ibm | 1 Watsonx.data | 2026-02-20 | N/A | 3.8 LOW |
|
IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.
|
|||||
| CVE-2025-36348 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-02-20 | N/A | 4.9 MEDIUM |
|
IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1 may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser.
|
|||||
| CVE-2025-13333 | 1 Ibm | 1 Websphere Application Server | 2026-02-20 | N/A | 4.4 MEDIUM |
|
IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.
|
|||||
| CVE-2025-13689 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-02-20 | N/A | 8.8 HIGH |
|
IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.
|
|||||
| CVE-2025-36194 | 1 Ibm | 1 Powervm Hypervisor | 2026-02-19 | N/A | 2.8 LOW |
|
IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations.
|
|||||
| CVE-2025-36238 | 1 Ibm | 1 Powervm Hypervisor | 2026-02-19 | N/A | 6.0 MEDIUM |
|
IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.
|
|||||
| CVE-2025-36436 | 1 Ibm | 1 Cloud Pak For Business Automation | 2026-02-19 | N/A | 6.4 MEDIUM |
|
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-33088 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-02-18 | N/A | 7.4 HIGH |
|
IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources.
|
|||||
| CVE-2024-43178 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-02-18 | N/A | 5.9 MEDIUM |
|
IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
|||||
| CVE-2025-36018 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-02-18 | N/A | 6.5 MEDIUM |
|
IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
|
|||||
| CVE-2025-36019 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-02-18 | N/A | 6.1 MEDIUM |
|
IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-13867 | 1 Ibm | 1 Db2 | 2026-02-18 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic
|
|||||
| CVE-2025-14689 | 1 Ibm | 1 Db2 | 2026-02-18 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.
|
|||||
| CVE-2025-36247 | 1 Ibm | 1 Db2 | 2026-02-18 | N/A | 7.1 HIGH |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
|
|||||
| CVE-2025-36425 | 1 Ibm | 1 Db2 | 2026-02-18 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.
|
|||||
| CVE-2025-33089 | 1 Ibm | 1 Concert | 2026-02-18 | N/A | 6.5 MEDIUM |
|
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials.
|
|||||
| CVE-2025-33101 | 1 Ibm | 1 Concert | 2026-02-18 | N/A | 5.9 MEDIUM |
|
IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory.
|
|||||
| CVE-2025-36243 | 1 Ibm | 1 Concert | 2026-02-18 | N/A | 5.4 MEDIUM |
|
IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
|
|||||
| CVE-2025-36058 | 1 Ibm | 1 Business Automation Workflow | 2026-02-17 | N/A | 5.5 MEDIUM |
|
IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration information in a config map.
|
|||||
| CVE-2025-36059 | 1 Ibm | 1 Business Automation Workflow | 2026-02-17 | N/A | 4.7 MEDIUM |
|
IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls.
|
|||||
| CVE-2025-14914 | 1 Ibm | 1 Websphere Application Server | 2026-02-12 | N/A | 7.6 HIGH |
|
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.
|
|||||
| CVE-2025-1823 | 1 Ibm | 1 Jazz Reporting Service | 2026-02-12 | N/A | 3.5 LOW |
|
IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources.
|
|||||
| CVE-2025-13379 | 1 Ibm | 1 Aspera Console | 2026-02-12 | N/A | 8.6 HIGH |
|
IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
|
|||||
| CVE-2025-13096 | 1 Ibm | 1 Business Automation Workflow | 2026-02-12 | N/A | 7.1 HIGH |
|
IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
|
|||||
| CVE-2025-36009 | 1 Ibm | 1 Db2 | 2026-02-11 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable.
|
|||||
| CVE-2025-36424 | 1 Ibm | 1 Db2 | 2026-02-11 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic.
|
|||||
| CVE-2025-36427 | 1 Ibm | 1 Db2 | 2026-02-11 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic.
|
|||||
| CVE-2025-15395 | 1 Ibm | 1 Jazz Foundation | 2026-02-11 | N/A | 4.3 MEDIUM |
|
IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.
|
|||||
| CVE-2025-36253 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-02-11 | N/A | 5.9 MEDIUM |
|
IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
|||||
| CVE-2025-33081 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-02-11 | N/A | 3.3 LOW |
|
IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user.
|
|||||
| CVE-2025-36407 | 1 Ibm | 1 Db2 | 2026-02-09 | N/A | 6.5 MEDIUM |
|
IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.
|
|||||
| CVE-2024-51451 | 1 Ibm | 1 Concert | 2026-02-05 | N/A | 6.5 MEDIUM |
|
IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
|
|||||
| CVE-2024-43181 | 1 Ibm | 1 Concert | 2026-02-05 | N/A | 6.3 MEDIUM |
|
IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
|
|||||
| CVE-2025-36353 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 6.2 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
|
|||||
| CVE-2025-36184 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 7.2 HIGH |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.
|
|||||
| CVE-2025-36123 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 6.2 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources.
|
|||||
| CVE-2025-36098 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources.
|
|||||
| CVE-2025-36070 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables.
|
|||||
| CVE-2025-36001 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion.
|
|||||
| CVE-2025-2668 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query.
|
|||||