Filtered by vendor Ibm Subscriptions
Total 7726 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-2987 1 Ibm 1 Maximo Asset Management 2025-04-23 3.8 Low
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2025-27907 1 Ibm 1 Websphere Application Server 2025-04-23 4.1 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2025-1951 1 Ibm 1 Power Hardware Management Console 2025-04-23 8.4 High
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.
CVE-2025-1950 1 Ibm 1 Power Hardware Management Console 2025-04-23 9.3 Critical
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
CVE-2022-34361 3 Ibm, Linux, Microsoft 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more 2025-04-23 5.9 Medium
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.
CVE-2022-43867 2 Ibm, Linux 2 Spectrum Scale Container Native Storage Access, Linux Kernel 2025-04-23 7.8 High
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.
CVE-2022-41735 1 Ibm 1 Business Automation Workflow 2025-04-22 5.4 Medium
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687.
CVE-2022-43581 1 Ibm 1 Content Navigator 2025-04-22 7.5 High
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.
CVE-2022-41299 1 Ibm 1 Cloud Transformation Advisor 2025-04-22 4.4 Medium
IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214.
CVE-2025-2947 1 Ibm 1 I 2025-04-22 7.2 High
IBM i 7.6  contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command.  A malicious actor can use the command to elevate privileges to gain root access to the host operating system.
CVE-2024-49808 1 Ibm 1 Sterling Connect Direct Web Services 2025-04-21 6.3 Medium
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.
CVE-2024-45651 1 Ibm 1 Sterling Connect Direct Web Services 2025-04-21 6.3 Medium
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
CVE-2016-0305 1 Ibm 1 Connections 2025-04-20 N/A
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2016-0307 1 Ibm 1 Connections 2025-04-20 N/A
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
CVE-2016-0308 1 Ibm 1 Connections 2025-04-20 N/A
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.
CVE-2016-0310 1 Ibm 1 Connections 2025-04-20 N/A
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.
CVE-2016-0355 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894.
CVE-2016-0360 1 Ibm 1 Websphere Mq Jms 2025-04-20 N/A
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457.
CVE-2016-0371 6 Apple, Hp, Ibm and 3 more 7 Mac Os X, Hp-ux, Aix and 4 more 2025-04-20 5.5 Medium
The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.
CVE-2016-0255 1 Ibm 1 Marketing Platform 2025-04-20 N/A
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564.