Filtered by vendor Ibm
Subscriptions
Total
7727 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51472 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-06-20 | 3.1 Low |
| IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | ||||
| CVE-2022-22491 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2025-06-20 | 5.5 Medium |
| IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted. | ||||
| CVE-2024-43176 | 3 Ibm, Linux, Microsoft | 4 Openpages, Openpages With Watson, Linux Kernel and 1 more | 2025-06-20 | 5.4 Medium |
| IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. | ||||
| CVE-2025-3440 | 1 Ibm | 1 Security Guardium | 2025-06-20 | 5.5 Medium |
| IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-25023 | 1 Ibm | 1 Security Guardium | 2025-06-20 | 4.9 Medium |
| IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment. | ||||
| CVE-2024-54175 | 1 Ibm | 1 Mq | 2025-06-20 | 5.5 Medium |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. | ||||
| CVE-2025-0985 | 1 Ibm | 1 Mq | 2025-06-20 | 5.5 Medium |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user. | ||||
| CVE-2022-43840 | 1 Ibm | 1 Aspera Console | 2025-06-19 | 4.3 Medium |
| IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document. | ||||
| CVE-2023-43052 | 1 Ibm | 1 Control Center | 2025-06-19 | 5.3 Medium |
| IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. | ||||
| CVE-2024-45673 | 3 Ibm, Linux, Microsoft | 5 Security Verify Bridge Directory Sync, Security Verify Gateway For Radius, Security Verify Gateway For Windows Login and 2 more | 2025-06-18 | 5.5 Medium |
| IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user. | ||||
| CVE-2025-1403 | 1 Ibm | 1 Qiskit | 2025-06-18 | 8.6 High |
| Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library. | ||||
| CVE-2024-41744 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2025-06-18 | 6.5 Medium |
| IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2024-35138 | 1 Ibm | 1 Security Verify Access | 2025-06-18 | 6.5 Medium |
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2021-20450 | 1 Ibm | 1 Cognos Controller | 2025-06-18 | 4.3 Medium |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 196640. | ||||
| CVE-2024-22313 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-06-17 | 6.2 Medium |
| IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | ||||
| CVE-2023-32328 | 1 Ibm | 1 Security Verify Access | 2025-06-17 | 7.5 High |
| IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957. | ||||
| CVE-2023-31005 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-06-17 | 6.2 Medium |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. | ||||
| CVE-2024-23622 | 1 Ibm | 1 Merge Efilm Workstation | 2025-06-17 | 10 Critical |
| A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges. | ||||
| CVE-2023-50963 | 1 Ibm | 1 Storage Defender Data Protect | 2025-06-17 | 6.5 Medium |
| IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101. | ||||
| CVE-2023-47718 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2025-06-17 | 4.3 Medium |
| IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843. | ||||