Filtered by vendor Ibm
Subscriptions
Total
8199 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36121 | 1 Ibm | 1 Openpages | 2025-11-03 | 5.4 Medium |
| IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
| CVE-2025-36081 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-10-31 | 5.3 Medium |
| IBM Concert Software 1.0.0 through 2.0.0 could allow a user to modify system logs due to improper neutralization of log input. | ||||
| CVE-2025-36083 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-10-31 | 6.2 Medium |
| IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release. | ||||
| CVE-2025-36085 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-10-31 | 5.4 Medium |
| IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2024-39746 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling Connect\, Sterling Connect Direct Web Services and 2 more | 2025-10-31 | 5.9 Medium |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2022-41299 | 1 Ibm | 1 Transformation Advisor | 2025-10-29 | 4.4 Medium |
| IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214. | ||||
| CVE-2025-36128 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, I, Mq and 3 more | 2025-10-28 | 7.5 High |
| IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. | ||||
| CVE-2025-36361 | 1 Ibm | 1 App Connect Enterprise | 2025-10-28 | 6.3 Medium |
| IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization. | ||||
| CVE-2022-47986 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2025-10-27 | 9.8 Critical |
| IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512. | ||||
| CVE-2025-36002 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-10-25 | 5.5 Medium |
| IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user. | ||||
| CVE-2025-36020 | 1 Ibm | 2 Guardium Data Protection, Security Guardium | 2025-10-22 | 5.9 Medium |
| IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information. | ||||
| CVE-2025-27906 | 4 Apple, Ibm, Linux and 1 more | 4 Macos, Content Navigator, Linux Kernel and 1 more | 2025-10-21 | 5.3 Medium |
| IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified. | ||||
| CVE-2025-36087 | 1 Ibm | 3 Security Verify Access, Security Verify Access Docker, Verify Identity Access | 2025-10-20 | 8.1 High |
| IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||
| CVE-2022-35715 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-10-20 | 7.5 High |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 231202. | ||||
| CVE-2024-56340 | 1 Ibm | 1 Cognos Analytics | 2025-10-17 | 6.5 Medium |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter. | ||||
| CVE-2025-33096 | 3 Ibm, Linux, Microsoft | 4 Aix, Engineering Requirements Management Doors Next, Linux Kernel and 1 more | 2025-10-16 | 6.5 Medium |
| IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion. | ||||
| CVE-2025-2140 | 3 Ibm, Linux, Microsoft | 4 Aix, Engineering Requirements Management Doors Next, Linux Kernel and 1 more | 2025-10-16 | 5.7 Medium |
| IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data. | ||||
| CVE-2025-2139 | 3 Ibm, Linux, Microsoft | 4 Aix, Engineering Requirements Management Doors Next, Linux Kernel and 1 more | 2025-10-16 | 3.5 Low |
| IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security. | ||||
| CVE-2025-2138 | 3 Ibm, Linux, Microsoft | 4 Aix, Engineering Requirements Management Doors Next, Linux Kernel and 1 more | 2025-10-16 | 3.5 Low |
| IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security. | ||||
| CVE-2023-50301 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-15 | 1.9 Low |
| IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user. | ||||