Filtered by vendor Ibm
Subscriptions
Total
7819 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56339 | 1 Ibm | 1 Websphere Application Server | 2025-08-14 | 3.7 Low |
| IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration. | ||||
| CVE-2023-38264 | 2 Ibm, Redhat | 3 Java Software Development Kit, Enterprise Linux, Rhel Extras | 2025-08-14 | 5.9 Medium |
| The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578. | ||||
| CVE-2023-43040 | 2 Ibm, Redhat | 2 Storage Fusion Hci, Ceph Storage | 2025-08-14 | 6.5 Medium |
| IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807. | ||||
| CVE-2024-51461 | 1 Ibm | 1 Qradar Wincollect | 2025-08-14 | 4.3 Medium |
| IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources. | ||||
| CVE-2024-22338 | 1 Ibm | 1 Security Verify Access Oidc Provider | 2025-08-14 | 4 Medium |
| IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. | ||||
| CVE-2025-1998 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-14 | 5.5 Medium |
| IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user. | ||||
| CVE-2025-1997 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-14 | 5.4 Medium |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | ||||
| CVE-2024-49822 | 1 Ibm | 2 Qradar Advisor, Qradar Advisor With Watson | 2025-08-14 | 4.1 Medium |
| IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2024-38325 | 1 Ibm | 2 Storage Defender, Storage Defender Resiliency Service | 2025-08-14 | 5.9 Medium |
| IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2024-31906 | 1 Ibm | 1 Automation Decision Services | 2025-08-14 | 6.2 Medium |
| IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system. | ||||
| CVE-2024-41739 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2025-08-14 | 8.8 High |
| IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion. | ||||
| CVE-2024-28787 | 1 Ibm | 2 Application Gateway, Security Verify Access | 2025-08-14 | 8.7 High |
| IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584. | ||||
| CVE-2024-28782 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-14 | 6.3 Medium |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698. | ||||
| CVE-2025-33118 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-08-14 | 6.4 Medium |
| IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-2824 | 1 Ibm | 1 Operational Decision Manager | 2025-08-14 | 7.4 High |
| IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | ||||
| CVE-2024-38335 | 1 Ibm | 2 Qradar Network Threat Analytics, Qradar Security Network Threat Analytics | 2025-08-14 | 4.5 Medium |
| IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources. | ||||
| CVE-2025-2670 | 1 Ibm | 2 Openpages, Openpages With Watson | 2025-08-14 | 4.3 Medium |
| IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and internal state. | ||||
| CVE-2025-36014 | 1 Ibm | 2 Integration Bus, Integration Bus For Z\/os | 2025-08-14 | 8.2 High |
| IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory. | ||||
| CVE-2024-41746 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2025-08-14 | 7.2 High |
| IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-45662 | 1 Ibm | 1 Safer Payments | 2025-08-14 | 7.5 High |
| IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources. | ||||