Filtered by vendor Ibm
Subscriptions
Total
7726 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-2987 | 1 Ibm | 1 Maximo Asset Management | 2025-04-23 | 3.8 Low |
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
CVE-2025-27907 | 1 Ibm | 1 Websphere Application Server | 2025-04-23 | 4.1 Medium |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
CVE-2025-1951 | 1 Ibm | 1 Power Hardware Management Console | 2025-04-23 | 8.4 High |
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges. | ||||
CVE-2025-1950 | 1 Ibm | 1 Power Hardware Management Console | 2025-04-23 | 9.3 Critical |
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source. | ||||
CVE-2022-34361 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2025-04-23 | 5.9 Medium |
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. | ||||
CVE-2022-43867 | 2 Ibm, Linux | 2 Spectrum Scale Container Native Storage Access, Linux Kernel | 2025-04-23 | 7.8 High |
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437. | ||||
CVE-2022-41735 | 1 Ibm | 1 Business Automation Workflow | 2025-04-22 | 5.4 Medium |
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687. | ||||
CVE-2022-43581 | 1 Ibm | 1 Content Navigator | 2025-04-22 | 7.5 High |
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805. | ||||
CVE-2022-41299 | 1 Ibm | 1 Cloud Transformation Advisor | 2025-04-22 | 4.4 Medium |
IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214. | ||||
CVE-2025-2947 | 1 Ibm | 1 I | 2025-04-22 | 7.2 High |
IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system. | ||||
CVE-2024-49808 | 1 Ibm | 1 Sterling Connect Direct Web Services | 2025-04-21 | 6.3 Medium |
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions. | ||||
CVE-2024-45651 | 1 Ibm | 1 Sterling Connect Direct Web Services | 2025-04-21 | 6.3 Medium |
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system. | ||||
CVE-2016-0305 | 1 Ibm | 1 Connections | 2025-04-20 | N/A |
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
CVE-2016-0307 | 1 Ibm | 1 Connections | 2025-04-20 | N/A |
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. | ||||
CVE-2016-0308 | 1 Ibm | 1 Connections | 2025-04-20 | N/A |
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. | ||||
CVE-2016-0310 | 1 Ibm | 1 Connections | 2025-04-20 | N/A |
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. | ||||
CVE-2016-0355 | 1 Ibm | 1 Sametime | 2025-04-20 | N/A |
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894. | ||||
CVE-2016-0360 | 1 Ibm | 1 Websphere Mq Jms | 2025-04-20 | N/A |
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457. | ||||
CVE-2016-0371 | 6 Apple, Hp, Ibm and 3 more | 7 Mac Os X, Hp-ux, Aix and 4 more | 2025-04-20 | 5.5 Medium |
The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled. | ||||
CVE-2016-0255 | 1 Ibm | 1 Marketing Platform | 2025-04-20 | N/A |
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564. |