Filtered by vendor Ibm
Subscriptions
Filtered by product I
Subscriptions
Total
113 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2947 | 1 Ibm | 1 I | 2026-02-26 | 7.2 High |
| IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system. | ||||
| CVE-2025-33103 | 1 Ibm | 1 I | 2026-02-26 | 8.5 High |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. | ||||
| CVE-2025-36004 | 1 Ibm | 1 I | 2026-02-26 | 8.8 High |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||
| CVE-2025-36038 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2026-02-26 | 9 Critical |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. | ||||
| CVE-2025-33109 | 1 Ibm | 1 I | 2026-02-26 | 7.5 High |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions. | ||||
| CVE-2025-36119 | 1 Ibm | 1 I | 2026-02-26 | 7.1 High |
| IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator. | ||||
| CVE-2025-36367 | 1 Ibm | 1 I | 2026-02-26 | 8.8 High |
| IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system. | ||||
| CVE-2023-47150 | 2 Ibm, Linux | 4 Aix, Common Cryptographic Architecture, I and 1 more | 2026-02-04 | 7.5 High |
| IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602. | ||||
| CVE-2025-36371 | 1 Ibm | 1 I | 2025-11-24 | 6.5 Medium |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view. | ||||
| CVE-2024-51464 | 1 Ibm | 1 I | 2025-11-03 | 4.3 Medium |
| IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i. | ||||
| CVE-2024-51463 | 1 Ibm | 1 I | 2025-11-03 | 5.4 Medium |
| IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-36047 | 4 Apple, Ibm, Linux and 1 more | 7 Macos, Aix, I and 4 more | 2025-11-03 | 5.3 Medium |
| IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | ||||
| CVE-2025-36128 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, I, Mq and 3 more | 2025-10-28 | 7.5 High |
| IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. | ||||
| CVE-2024-35122 | 1 Ibm | 1 I | 2025-09-29 | 2.8 Low |
| IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file. | ||||
| CVE-2024-27275 | 1 Ibm | 1 I | 2025-09-29 | 7.4 High |
| IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. | ||||
| CVE-2024-22340 | 2 Ibm, Linux | 5 4769, Aix, Common Cryptographic Architecture and 2 more | 2025-09-01 | 6.5 Medium |
| IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack. | ||||
| CVE-2024-49823 | 2 Ibm, Linux | 5 4769, Aix, Common Cryptographic Architecture and 2 more | 2025-09-01 | 6.5 Medium |
| IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests. | ||||
| CVE-2024-41760 | 2 Ibm, Linux | 5 4769, Aix, Common Cryptographic Architecture and 2 more | 2025-09-01 | 3.7 Low |
| IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations. | ||||
| CVE-2025-27907 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-09-01 | 4.1 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-3218 | 1 Ibm | 1 I | 2025-09-01 | 5.4 Medium |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server. | ||||