Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-36186 | 1 Ibm | 1 Db2 | 2025-11-18 | N/A | 7.4 HIGH |
|
IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.
|
|||||
| CVE-2025-36185 | 1 Ibm | 1 Db2 | 2025-11-18 | N/A | 6.2 MEDIUM |
|
IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
|
|||||
| CVE-2025-33093 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2025-11-13 | N/A | 7.5 HIGH |
|
IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.
|
|||||
| CVE-2025-3356 | 1 Ibm | 1 Tivoli Monitoring | 2025-11-07 | N/A | 8.6 HIGH |
|
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.
|
|||||
| CVE-2025-3355 | 1 Ibm | 1 Tivoli Monitoring | 2025-11-07 | N/A | 7.5 HIGH |
|
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
|
|||||
| CVE-2024-35114 | 1 Ibm | 1 Control Center | 2025-11-06 | N/A | 5.3 MEDIUM |
|
IBM Control Center 6.2.1 and 6.3.1
could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.
|
|||||
| CVE-2024-35111 | 1 Ibm | 1 Control Center | 2025-11-06 | N/A | 4.3 MEDIUM |
|
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
|
|||||
| CVE-2023-52292 | 1 Ibm | 1 Sterling File Gateway | 2025-11-06 | N/A | 6.4 MEDIUM |
|
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-33131 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2 High Performance Unload Load, Linux On Ibm Z and 2 more | 2025-11-06 | N/A | 6.5 MEDIUM |
|
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.
|
|||||
| CVE-2025-33132 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2 High Performance Unload Load, Linux On Ibm Z and 2 more | 2025-11-06 | N/A | 6.5 MEDIUM |
|
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to.
|
|||||
| CVE-2025-33133 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2 High Performance Unload Load, Linux On Ibm Z and 2 more | 2025-11-06 | N/A | 6.5 MEDIUM |
|
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due an out of bounds write.
|
|||||
| CVE-2024-49336 | 1 Ibm | 1 Security Guardium | 2025-11-05 | N/A | 6.5 MEDIUM |
|
IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
|
|||||
| CVE-2025-33126 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2 High Performance Unload Load, Linux On Ibm Z and 2 more | 2025-11-05 | N/A | 6.5 MEDIUM |
|
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.
|
|||||
| CVE-2025-33003 | 1 Ibm | 1 Infosphere Information Server | 2025-11-05 | N/A | 7.8 HIGH |
|
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges.
|
|||||
| CVE-2025-36249 | 1 Ibm | 1 Jazz For Service Management | 2025-11-05 | N/A | 3.7 LOW |
|
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
|
|||||
| CVE-2025-36367 | 1 Ibm | 1 I | 2025-11-05 | N/A | 8.8 HIGH |
|
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.
|
|||||
| CVE-2025-36172 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-11-05 | N/A | 6.4 MEDIUM |
|
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0.1 Interim Fix 004, 24.0.0 through 24.0.0 Interim Fix 006, and earlier unsupported releases IBM Business Automation Workflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-12531 | 1 Ibm | 1 Infosphere Information Server | 2025-11-05 | N/A | 7.1 HIGH |
|
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
|
|||||
| CVE-2025-36093 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-11-05 | N/A | 4.8 MEDIUM |
|
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls.
|
|||||
| CVE-2025-36092 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-11-05 | N/A | 6.5 MEDIUM |
|
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length.
|
|||||
| CVE-2025-36091 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-11-05 | N/A | 4.3 MEDIUM |
|
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.
|
|||||
| CVE-2025-36248 | 1 Ibm | 1 Copy Services Manager | 2025-11-04 | N/A | 6.1 MEDIUM |
|
IBM Copy Services Manager 6.3.13 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2023-43040 | 1 Ibm | 1 Storage Fusion Hci | 2025-11-04 | N/A | 6.5 MEDIUM |
|
IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.
|
|||||
| CVE-2023-28528 | 1 Ibm | 2 Aix, Vios | 2025-11-04 | N/A | 8.4 HIGH |
|
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.
|
|||||
| CVE-2024-37529 | 1 Ibm | 1 Db2 | 2025-11-04 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295.
|
|||||
| CVE-2024-35152 | 1 Ibm | 1 Db2 | 2025-11-04 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639.
|
|||||
| CVE-2024-35136 | 1 Ibm | 1 Db2 | 2025-11-04 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.
|
|||||
| CVE-2024-31882 | 1 Ibm | 1 Db2 | 2025-11-04 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614.
|
|||||
| CVE-2024-31881 | 1 Ibm | 1 Db2 | 2025-11-04 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613.
|
|||||
| CVE-2024-31880 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-11-04 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
|
|||||
| CVE-2024-28762 | 1 Ibm | 1 Db2 | 2025-11-04 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246.
|
|||||
| CVE-2020-4428 | 1 Ibm | 1 Data Risk Manager | 2025-11-04 | 9.0 HIGH | 9.1 CRITICAL |
|
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.
|
|||||
| CVE-2020-4427 | 1 Ibm | 1 Data Risk Manager | 2025-11-04 | 9.0 HIGH | 9.8 CRITICAL |
|
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.
|
|||||
| CVE-2024-51464 | 1 Ibm | 1 I | 2025-11-03 | N/A | 4.3 MEDIUM |
|
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.
|
|||||
| CVE-2024-51463 | 1 Ibm | 1 I | 2025-11-03 | N/A | 5.4 MEDIUM |
|
IBM i 7.3, 7.4, and 7.5
is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
|
|||||
| CVE-2024-35142 | 1 Ibm | 1 Security Verify Access Docker | 2025-11-03 | N/A | 8.4 HIGH |
|
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: 292418.
|
|||||
| CVE-2024-35141 | 1 Ibm | 1 Security Verify Access Docker | 2025-11-03 | N/A | 7.8 HIGH |
|
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges.
|
|||||
| CVE-2024-35140 | 1 Ibm | 1 Security Verify Access Docker | 2025-11-03 | N/A | 7.7 HIGH |
|
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416.
|
|||||
| CVE-2024-35139 | 1 Ibm | 1 Security Access Manager | 2025-11-03 | N/A | 6.2 MEDIUM |
|
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.
|
|||||
| CVE-2024-35137 | 1 Ibm | 1 Security Access Manager | 2025-11-03 | N/A | 6.2 MEDIUM |
|
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.
|
|||||