Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1499 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-06-09 | N/A | 6.5 MEDIUM |
|
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.
|
|||||
| CVE-2025-25044 | 1 Ibm | 1 Planning Analytics Local | 2025-06-09 | N/A | 5.4 MEDIUM |
|
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-2896 | 1 Ibm | 1 Planning Analytics Local | 2025-06-09 | N/A | 4.8 MEDIUM |
|
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-33004 | 1 Ibm | 1 Planning Analytics Local | 2025-06-09 | N/A | 6.5 MEDIUM |
|
IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.
|
|||||
| CVE-2025-33005 | 1 Ibm | 1 Planning Analytics Local | 2025-06-09 | N/A | 6.3 MEDIUM |
|
IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
|
|||||
| CVE-2025-1329 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2025-06-05 | N/A | 7.8 HIGH |
|
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the
gethostbyaddr
function.
|
|||||
| CVE-2025-1330 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2025-06-05 | N/A | 7.8 HIGH |
|
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.
|
|||||
| CVE-2025-1331 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2025-06-05 | N/A | 7.8 HIGH |
|
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.
|
|||||
| CVE-2025-33103 | 1 Ibm | 1 I | 2025-06-04 | N/A | 8.5 HIGH |
|
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.
|
|||||
| CVE-2025-1138 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-06-04 | N/A | 4.3 MEDIUM |
|
IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.
|
|||||
| CVE-2024-51475 | 1 Ibm | 1 Content Navigator | 2025-06-04 | N/A | 5.4 MEDIUM |
|
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
|
|||||
| CVE-2025-25029 | 1 Ibm | 1 Security Guardium | 2025-06-04 | N/A | 4.9 MEDIUM |
|
IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input.
|
|||||
| CVE-2025-25026 | 1 Ibm | 1 Security Guardium | 2025-06-04 | N/A | 4.3 MEDIUM |
|
IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check.
|
|||||
| CVE-2025-25025 | 1 Ibm | 1 Security Guardium | 2025-06-04 | N/A | 4.3 MEDIUM |
|
IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
|
|||||
| CVE-2023-50933 | 1 Ibm | 1 Powersc | 2025-06-03 | N/A | 6.1 MEDIUM |
|
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113.
|
|||||
| CVE-2023-45190 | 1 Ibm | 1 Engineering Lifecycle Optimization | 2025-06-03 | N/A | 5.1 MEDIUM |
|
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.
|
|||||
| CVE-2025-33136 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-05-30 | N/A | 7.1 HIGH |
|
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.
|
|||||
| CVE-2025-33137 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-05-30 | N/A | 7.1 HIGH |
|
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.
|
|||||
| CVE-2025-33138 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-05-30 | N/A | 5.4 MEDIUM |
|
IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
|
|||||
| CVE-2022-40616 | 1 Ibm | 1 Maximo Asset Management | 2025-05-28 | N/A | 8.1 HIGH |
|
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311.
|
|||||
| CVE-2022-34348 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2025-05-22 | N/A | 7.1 HIGH |
|
IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.
|
|||||
| CVE-2022-22423 | 2 Ibm, Linux | 5 Aix, Common Cryptographic Architecture, I and 2 more | 2025-05-22 | N/A | 5.5 MEDIUM |
|
IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596.
|
|||||
| CVE-2022-35721 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2025-05-22 | N/A | 5.4 MEDIUM |
|
IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380.
|
|||||
| CVE-2022-40748 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-22 | N/A | 5.4 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586.
|
|||||
| CVE-2022-36771 | 1 Ibm | 1 Qradar User Behavior Analytics | 2025-05-21 | N/A | 6.5 MEDIUM |
|
IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791.
|
|||||
| CVE-2022-35722 | 1 Ibm | 1 Jazz For Service Management | 2025-05-20 | N/A | 5.4 MEDIUM |
|
IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381.
|
|||||
| CVE-2022-35282 | 1 Ibm | 1 Websphere Application Server | 2025-05-20 | N/A | 6.5 MEDIUM |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.
|
|||||
| CVE-2022-22387 | 1 Ibm | 1 Application Gateway | 2025-05-20 | N/A | 5.4 MEDIUM |
|
IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965.
|
|||||
| CVE-2022-39168 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Robotic Process Automation For Services | 2025-05-20 | N/A | 7.5 HIGH |
|
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.
|
|||||
| CVE-2023-33860 | 1 Ibm | 1 Security Qradar Edr | 2025-05-19 | N/A | 5.3 MEDIUM |
|
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
|
|||||
| CVE-2025-1493 | 1 Ibm | 1 Db2 | 2025-05-16 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1
could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources.
|
|||||
| CVE-2025-2898 | 1 Ibm | 1 Maximo Application Suite | 2025-05-16 | N/A | 7.5 HIGH |
|
IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations.
|
|||||
| CVE-2022-38388 | 1 Ibm | 1 Navigator Mobile | 2025-05-15 | N/A | 5.5 MEDIUM |
|
IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.
|
|||||
| CVE-2024-25016 | 1 Ibm | 2 Mq, Mq Appliance | 2025-05-12 | N/A | 7.5 HIGH |
|
IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.
|
|||||
| CVE-2024-56338 | 1 Ibm | 1 Sterling B2b Integrator | 2025-05-12 | N/A | 4.8 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-1551 | 1 Ibm | 1 Operational Decision Manager | 2025-05-12 | N/A | 6.1 MEDIUM |
|
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2022-43890 | 1 Ibm | 1 Security Verify Privilege On-premises | 2025-05-08 | N/A | 5.3 MEDIUM |
|
IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453.
|
|||||
| CVE-2024-25029 | 1 Ibm | 1 Personal Communications | 2025-05-07 | N/A | 9.0 CRITICAL |
|
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.
|
|||||
| CVE-2024-25021 | 1 Ibm | 2 Aix, Vios | 2025-05-06 | N/A | 8.4 HIGH |
|
IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320.
|
|||||
| CVE-2021-0193 | 1 Ibm | 1 In-band Manageability | 2025-05-05 | 6.5 MEDIUM | 7.2 HIGH |
|
Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access.
|
|||||