Filtered by vendor Ibm
Total: 8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-36140 | 1 Ibm | 1 Watsonx.data | 2025-12-10 | N/A | 6.5 MEDIUM | IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits. |
| CVE-2025-36102 | 1 Ibm | 2 Cognos Controller, Controller | 2025-12-10 | N/A | 2.7 LOW | IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security. |
| CVE-2025-33111 | 1 Ibm | 2 Cognos Controller, Controller | 2025-12-10 | N/A | 4.3 MEDIUM | IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks. |
| CVE-2025-36015 | 1 Ibm | 2 Cognos Controller, Controller | 2025-12-10 | N/A | 6.5 MEDIUM | IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input. |
| CVE-2025-36017 | 1 Ibm | 1 Controller | 2025-12-10 | N/A | 6.5 MEDIUM | IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user. |
| CVE-2025-36118 | 1 Ibm | 1 Storage Virtualize | 2025-12-08 | N/A | 7.5 HIGH | IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request. |
| CVE-2017-1303 | 1 Ibm | 1 Websphere Portal | 2025-12-04 | 4.3 MEDIUM | 6.1 MEDIUM | IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457. |
| CVE-2024-29032 | 1 Ibm | 1 Qiskit Ibm Runtime | 2025-12-03 | N/A | 5.3 MEDIUM | Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue. |
| CVE-2024-45656 | 1 Ibm | 56 Ess 5000 \(5105-22e\), Ess 5000 \(5105-22e\) Firmware, Power System E1080 \(9080-hex\) and 53 more | 2025-12-03 | N/A | 9.8 CRITICAL | IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP. |
| CVE-2024-45675 | 1 Ibm | 1 Informix Dynamic Server | 2025-12-03 | N/A | 8.4 HIGH | IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password. |
| CVE-2025-36149 | 1 Ibm | 1 Concert | 2025-12-02 | N/A | 6.3 MEDIUM | IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim. |
| CVE-2025-36088 | 1 Ibm | 4 Diamondback Tape Library, Diamondback Tape Library Firmware, Storage Ts4500 Library and 1 more | 2025-12-01 | N/A | 5.4 MEDIUM | IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| CVE-2025-36114 | 1 Ibm | 1 Soar Qradar Plugin App | 2025-12-01 | N/A | 6.5 MEDIUM | IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. |
| CVE-2025-36112 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-12-01 | N/A | 5.3 MEDIUM | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user. |
| CVE-2025-36150 | 1 Ibm | 1 Concert | 2025-12-01 | N/A | 5.9 MEDIUM | IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
| CVE-2025-36134 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-12-01 | N/A | 3.7 LOW | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. |
| CVE-2024-49790 | 1 Ibm | 1 Watson Assistant For Ibm Cloud Pak For Data | 2025-11-26 | N/A | 5.4 MEDIUM | IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| CVE-2025-33110 | 1 Ibm | 1 Openpages | 2025-11-24 | N/A | 5.4 MEDIUM | IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. |
| CVE-2025-36371 | 1 Ibm | 1 I | 2025-11-24 | N/A | 6.5 MEDIUM | IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view. |
| CVE-2025-36161 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-11-24 | N/A | 5.9 MEDIUM | IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. |
| CVE-2025-36153 | 1 Ibm | 1 Concert | 2025-11-21 | N/A | 6.1 MEDIUM | IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| CVE-2025-36158 | 1 Ibm | 1 Concert | 2025-11-21 | N/A | 5.1 MEDIUM | IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying. |
| CVE-2025-36159 | 1 Ibm | 1 Concert | 2025-11-21 | N/A | 6.2 MEDIUM | IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output. |
| CVE-2025-36160 | 1 Ibm | 1 Concert | 2025-11-21 | N/A | 5.3 MEDIUM | IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system. |
| CVE-2025-36386 | 1 Ibm | 1 Maximo Application Suite | 2025-11-21 | N/A | 9.8 CRITICAL | IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. |
| CVE-2025-36096 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | N/A | 9.0 CRITICAL | IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques. |
| CVE-2025-36236 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | N/A | 8.2 HIGH | IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system. |
| CVE-2025-36250 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | N/A | 10.0 CRITICAL | IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346. |
| CVE-2025-36251 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | N/A | 9.6 CRITICAL | IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347. |
| CVE-2024-47118 | 1 Ibm | 1 Db2 | 2025-11-19 | N/A | 6.5 MEDIUM | IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. |
| CVE-2025-2534 | 1 Ibm | 1 Db2 | 2025-11-19 | N/A | 5.3 MEDIUM | IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. |
| CVE-2025-33012 | 1 Ibm | 1 Db2 | 2025-11-19 | N/A | 6.3 MEDIUM | IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date. |
| CVE-2025-36006 | 1 Ibm | 1 Db2 | 2025-11-19 | N/A | 6.5 MEDIUM | IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use. |
| CVE-2025-36008 | 1 Ibm | 1 Db2 | 2025-11-19 | N/A | 6.5 MEDIUM | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources. |
| CVE-2025-36131 | 1 Ibm | 1 Db2 | 2025-11-19 | N/A | 4.6 MEDIUM | IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system. |
| CVE-2025-36136 | 1 Ibm | 1 Db2 | 2025-11-19 | N/A | 5.1 MEDIUM | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions. |
| CVE-2025-36299 | 1 Ibm | 2 Planning Analytics Local, Planning Analytics Workspace | 2025-11-19 | N/A | 4.3 MEDIUM | IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code that could be used in further attacks against the system. |
| CVE-2025-36357 | 1 Ibm | 2 Planning Analytics Local, Planning Analytics Workspace | 2025-11-19 | N/A | 8.0 HIGH | IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system. |
| CVE-2025-36223 | 1 Ibm | 1 Openpages | 2025-11-18 | N/A | 5.4 MEDIUM | IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. |
| CVE-2025-27368 | 1 Ibm | 1 Openpages | 2025-11-18 | N/A | 4.3 MEDIUM | IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view. |