Filtered by vendor Ibm Subscriptions
Total 8337 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-14806 2 Ibm, Microsoft 2 Planning Analytics Local, Windows 2026-03-24 5.7 Medium
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources.
CVE-2026-1267 2 Ibm, Microsoft 2 Planning Analytics Local, Windows 2026-03-24 6.5 Medium
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls.
CVE-2026-1376 1 Ibm 1 I 2026-03-24 7.5 High
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.
CVE-2026-3856 1 Ibm 1 Db2 Recovery Expert 2026-03-24 5.3 Medium
IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission.
CVE-2025-14031 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2026-03-24 7.5 High
IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.
CVE-2026-1264 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2026-03-24 7.1 High
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities.
CVE-2025-13726 2 Ibm, Linux 2 Sterling Partner Engagement Manager, Linux Kernel 2026-03-23 5.3 Medium
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.
CVE-2025-13723 2 Ibm, Linux 2 Sterling Partner Engagement Manager, Linux Kernel 2026-03-23 5.3 Medium
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token
CVE-2025-13718 2 Ibm, Linux 2 Sterling Partner Engagement Manager, Linux Kernel 2026-03-23 3.7 Low
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVE-2025-13702 2 Ibm, Linux 2 Sterling Partner Engagement Manager, Linux Kernel 2026-03-23 6.1 Medium
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-14483 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2026-03-23 4.3 Medium
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system.
CVE-2023-40693 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2026-03-23 5.4 Medium
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-36368 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2026-03-23 6.5 Medium
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
CVE-2025-13460 3 Ibm, Linux, Microsoft 3 Aspera Console, Linux Kernel, Windows 2026-03-23 5.3 Medium
IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy.
CVE-2025-13459 3 Ibm, Linux, Microsoft 3 Aspera Console, Linux Kernel, Windows 2026-03-23 2.7 Low
IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow.
CVE-2025-13212 3 Ibm, Linux, Microsoft 3 Aspera Console, Linux Kernel, Windows 2026-03-23 5.3 Medium
IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.
CVE-2025-14504 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2026-03-20 5.4 Medium
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-36064 1 Ibm 1 Sterling Connect\ 2026-03-13 5.9 Medium
IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVE-2024-39745 3 Ibm, Linux, Microsoft 5 Aix, Sterling Connect\, Sterling Connect Direct Web Services and 2 more 2026-03-13 5.9 Medium
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2024-39744 3 Ibm, Linux, Microsoft 5 Aix, Sterling Connect\, Sterling Connect Direct Web Services and 2 more 2026-03-13 4.3 Medium
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.