Filtered by vendor Ibm
Subscriptions
Total
7812 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-45655 | 1 Ibm | 1 Application Gateway | 2025-08-12 | 5.5 Medium |
IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment. | ||||
CVE-2025-25019 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-12 | 4.8 Medium |
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system. | ||||
CVE-2025-25020 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-12 | 6.5 Medium |
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input. | ||||
CVE-2025-25021 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-12 | 7.2 High |
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code. | ||||
CVE-2025-25022 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-12 | 9.6 Critical |
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files. | ||||
CVE-2025-0799 | 1 Ibm | 1 App Connect Enterprise | 2025-08-12 | 6.5 Medium |
IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories. | ||||
CVE-2024-52892 | 1 Ibm | 1 Jazz For Service Management | 2025-08-12 | 6.1 Medium |
IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2025-1951 | 1 Ibm | 2 Hardware Management Console, Power Hardware Management Console | 2025-08-12 | 8.4 High |
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges. | ||||
CVE-2025-25046 | 1 Ibm | 1 Infosphere Information Server | 2025-08-12 | 3.7 Low |
IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques. | ||||
CVE-2019-4160 | 1 Ibm | 1 Security Guardium Data Encryption | 2025-08-12 | 7.5 High |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577. | ||||
CVE-2019-4687 | 1 Ibm | 1 Security Guardium Data Encryption | 2025-08-12 | 5.3 Medium |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823. | ||||
CVE-2019-4702 | 1 Ibm | 1 Security Guardium Data Encryption | 2025-08-12 | 8.1 High |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | ||||
CVE-2024-49348 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-08-12 | 4.3 Medium |
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context. | ||||
CVE-2024-52364 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-08-12 | 5.4 Medium |
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2024-52365 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-08-12 | 6.4 Medium |
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2025-1137 | 1 Ibm | 2 Spectrum Scale Container Native Storage Access, Storage Scale | 2025-08-12 | 7.5 High |
IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization. | ||||
CVE-2024-52903 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-08-12 | 5.3 Medium |
IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
CVE-2025-36097 | 1 Ibm | 1 Websphere Application Server | 2025-08-11 | 7.5 High |
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to consume excessive memory resources. | ||||
CVE-2025-33109 | 1 Ibm | 1 I | 2025-08-11 | 7.5 High |
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions. | ||||
CVE-2025-33020 | 1 Ibm | 2 Engineering Systems Design Rhapsody, Rhapsody Design Manager | 2025-08-11 | 5.9 Medium |
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information. |