ReportizFlow
Filtered by vendor Ibm
Subscriptions
Total
7909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36144 | 1 Ibm | 1 Watsonx.data | 2025-10-03 | 3.3 Low |
| IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. | ||||
| CVE-2025-36326 | 1 Ibm | 2 Cognos Controller, Controller | 2025-10-03 | 3.7 Low |
| IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies. | ||||
| CVE-2025-36064 | 1 Ibm | 2 Sterling Connect, Sterling Connect\ | 2025-10-03 | 5.9 Medium |
| IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | ||||
| CVE-2025-36202 | 1 Ibm | 2 Webmethods, Webmethods Integration | 2025-10-03 | 7.5 High |
| IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source. | ||||
| CVE-2025-36037 | 1 Ibm | 2 Webmethods, Webmethods Integration | 2025-10-03 | 5.4 Medium |
| IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-36011 | 1 Ibm | 1 Jazz For Service Management | 2025-10-03 | 4.3 Medium |
| IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | ||||
| CVE-2025-36099 | 1 Ibm | 1 Websphere Application Server | 2025-10-03 | 4.9 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources. | ||||
| CVE-2025-36352 | 1 Ibm | 1 License Metric Tool | 2025-10-03 | 6.4 Medium |
| IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36351 | 1 Ibm | 1 License Metric Tool | 2025-10-03 | 4.3 Medium |
| IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions. | ||||
| CVE-2025-36262 | 1 Ibm | 1 Planning Analytics Local | 2025-10-03 | 4.9 Medium |
| IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input. | ||||
| CVE-2025-36132 | 1 Ibm | 1 Planning Analytics Local | 2025-10-03 | 5.4 Medium |
| IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2023-50300 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-03 | 5.1 Medium |
| IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls. | ||||
| CVE-2023-49883 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-03 | 5.9 Medium |
| IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||||
| CVE-2023-49881 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-03 | 6.3 Medium |
| IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2023-50301 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-03 | 1.9 Low |
| IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user. | ||||
| CVE-2025-36222 | 1 Ibm | 3 Storage Fusion, Storage Fusion Hci, Storage Fusion Hci For Watsonx | 2025-10-02 | 8.7 High |
| IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions. | ||||
| CVE-2025-36245 | 1 Ibm | 1 Infosphere Information Server | 2025-10-02 | 8.8 High |
| IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input. | ||||
| CVE-2025-36056 | 1 Ibm | 7 3948-ved, 3948-ved Firmware, 3948-vef and 4 more | 2025-09-30 | 5.4 Medium |
| IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-2141 | 1 Ibm | 7 3948-ved, 3948-ved Firmware, 3948-vef and 4 more | 2025-09-30 | 6.1 Medium |
| IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-0985 | 1 Ibm | 1 Mq | 2025-09-30 | 5.5 Medium |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user. | ||||