ReportizFlow
Filtered by vendor Ibm
Subscriptions
Total
7820 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35144 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 5.3 Medium |
| IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. | ||||
| CVE-2024-35145 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 6.1 Medium |
| IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-35148 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 6.3 Medium |
| IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | ||||
| CVE-2024-35150 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 5.3 Medium |
| IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. | ||||
| CVE-2025-0158 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-08 | 5.5 Medium |
| IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation. | ||||
| CVE-2025-0759 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-08 | 3.3 Low |
| IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due to improper shared resource synchronization. | ||||
| CVE-2024-38314 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 5.9 Medium |
| IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. | ||||
| CVE-2024-22351 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | 6.3 Medium |
| IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2025-25045 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | 4.3 Medium |
| IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system. | ||||
| CVE-2023-43037 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 6.5 Medium |
| IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. | ||||
| CVE-2024-43186 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | 5.3 Medium |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions. | ||||
| CVE-2024-7577 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | 4.4 Medium |
| IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product. | ||||
| CVE-2024-55895 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | 2.7 Low |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2024-43190 | 1 Ibm | 1 Engineering Requirements Management Doors | 2025-07-08 | 5.9 Medium |
| IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques. | ||||
| CVE-2025-0966 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | 7.6 High |
| IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | ||||
| CVE-2025-3221 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | 7.5 High |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources. | ||||
| CVE-2025-3629 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management. | ||||
| CVE-2024-56467 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | 3.3 Low |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||
| CVE-2024-56493 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | 3.3 Low |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||
| CVE-2024-56494 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | 3.3 Low |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||