Filtered by vendor Ibm
Total: 7843 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-36157 | 1 Ibm | 1 Jazz Foundation | 2025-08-26 | 9.8 Critical |
IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions. | ||||
CVE-2025-36174 | 1 Ibm | 1 Integrated Analytics System | 2025-08-26 | 8 High |
IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. | ||||
CVE-2024-56463 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-08-26 | 4.8 Medium |
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2025-36014 | 1 Ibm | 2 Integration Bus, Z/os | 2025-08-25 | 8.2 High |
IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory. | ||||
CVE-2025-25020 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-24 | 6.5 Medium |
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input. | ||||
CVE-2025-25019 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-24 | 4.8 Medium |
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 do not invalidate the session after a logout, which could allow a user to impersonate another user on the system. | ||||
CVE-2025-25021 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-24 | 7.2 High |
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged user to execute code in case management script creation due to the improper generation of code. | ||||
CVE-2025-1334 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-24 | 4 Medium |
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allow web pages to be stored locally, which can be read by another user on the system. | ||||
CVE-2024-45655 | 1 Ibm | 1 Application Gateway | 2025-08-24 | 5.5 Medium |
IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment. | ||||
CVE-2024-22330 | 1 Ibm | 1 Security Verify Governance | 2025-08-24 | 5.9 Medium |
IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||||
CVE-2024-56343 | 1 Ibm | 2 Security Verify Access, Verify Identity Access Digital Credentials | 2025-08-24 | 4.3 Medium |
IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request. | ||||
CVE-2024-56342 | 1 Ibm | 2 Security Verify Access, Verify Identity Access Digital Credentials | 2025-08-24 | 4.3 Medium |
IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
CVE-2025-33112 | 1 Ibm | 2 Aix, Vios | 2025-08-24 | 8.4 High |
IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input. | ||||
CVE-2025-0923 | 1 Ibm | 1 Cognos Analytics | 2025-08-24 | 5.3 Medium |
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system. | ||||
CVE-2025-0917 | 1 Ibm | 1 Cognos Analytics | 2025-08-24 | 5.5 Medium |
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2025-0163 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-08-24 | 5.3 Medium |
IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts. | ||||
CVE-2025-25032 | 1 Ibm | 1 Cognos Analytics | 2025-08-24 | 7.5 High |
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources. | ||||
CVE-2025-3473 | 1 Ibm | 2 Guardium Data Protection, Security Guardium | 2025-08-24 | 6.7 Medium |
IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program. | ||||
CVE-2025-33108 | 1 Ibm | 1 I | 2025-08-24 | 8.5 High |
IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to the host operating system. | ||||
CVE-2025-1411 | 1 Ibm | 1 Security Verify Directory | 2025-08-24 | 7.8 High |
IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges. |