Filtered by vendor Ibm Subscriptions
Total 7812 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-45655 1 Ibm 1 Application Gateway 2025-08-12 5.5 Medium
IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
CVE-2025-25019 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2025-08-12 4.8 Medium
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system.
CVE-2025-25020 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2025-08-12 6.5 Medium
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input.
CVE-2025-25021 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2025-08-12 7.2 High
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code.
CVE-2025-25022 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2025-08-12 9.6 Critical
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.
CVE-2025-0799 1 Ibm 1 App Connect Enterprise 2025-08-12 6.5 Medium
IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories.
CVE-2024-52892 1 Ibm 1 Jazz For Service Management 2025-08-12 6.1 Medium
IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-1951 1 Ibm 2 Hardware Management Console, Power Hardware Management Console 2025-08-12 8.4 High
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.
CVE-2025-25046 1 Ibm 1 Infosphere Information Server 2025-08-12 3.7 Low
IBM InfoSphere Information Server 11.7 DataStage Flow Designer  transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.
CVE-2019-4160 1 Ibm 1 Security Guardium Data Encryption 2025-08-12 7.5 High
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577.
CVE-2019-4687 1 Ibm 1 Security Guardium Data Encryption 2025-08-12 5.3 Medium
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823.
CVE-2019-4702 1 Ibm 1 Security Guardium Data Encryption 2025-08-12 8.1 High
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CVE-2024-49348 1 Ibm 1 Cloud Pak For Business Automation 2025-08-12 4.3 Medium
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context.
CVE-2024-52364 1 Ibm 1 Cloud Pak For Business Automation 2025-08-12 5.4 Medium
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-52365 1 Ibm 1 Cloud Pak For Business Automation 2025-08-12 6.4 Medium
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-1137 1 Ibm 2 Spectrum Scale Container Native Storage Access, Storage Scale 2025-08-12 7.5 High
IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization.
CVE-2024-52903 4 Ibm, Linux, Microsoft and 1 more 4 Db2, Linux Kernel, Windows and 1 more 2025-08-12 5.3 Medium
IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
CVE-2025-36097 1 Ibm 1 Websphere Application Server 2025-08-11 7.5 High
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to consume excessive memory resources.
CVE-2025-33109 1 Ibm 1 I 2025-08-11 7.5 High
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions.
CVE-2025-33020 1 Ibm 2 Engineering Systems Design Rhapsody, Rhapsody Design Manager 2025-08-11 5.9 Medium
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.