Filtered by vendor Ibm
Subscriptions
Total
7897 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36354 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-10-08 | 7.3 High |
| IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input. | ||||
| CVE-2025-36355 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-10-08 | 8.5 High |
| IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere. | ||||
| CVE-2025-36356 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-10-08 | 9.3 Critical |
| IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required. | ||||
| CVE-2023-49886 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-08 | 9.8 Critical |
| IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. | ||||
| CVE-2025-1826 | 1 Ibm | 1 Jazz Foundation | 2025-10-08 | 5.4 Medium |
| IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36156 | 1 Ibm | 1 Infosphere Data Replication | 2025-10-08 | 7.4 High |
| IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and execute arbitrary code on the system. | ||||
| CVE-2025-36248 | 1 Ibm | 1 Copy Services Manager | 2025-10-08 | 5.4 Medium |
| IBM Copy Services Manager 6.3.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36144 | 1 Ibm | 1 Watsonx.data | 2025-10-03 | 3.3 Low |
| IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. | ||||
| CVE-2025-36326 | 1 Ibm | 2 Cognos Controller, Controller | 2025-10-03 | 3.7 Low |
| IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies. | ||||
| CVE-2025-36064 | 1 Ibm | 2 Sterling Connect, Sterling Connect\ | 2025-10-03 | 5.9 Medium |
| IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | ||||
| CVE-2025-36202 | 1 Ibm | 2 Webmethods, Webmethods Integration | 2025-10-03 | 7.5 High |
| IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source. | ||||
| CVE-2025-36037 | 1 Ibm | 2 Webmethods, Webmethods Integration | 2025-10-03 | 5.4 Medium |
| IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-36011 | 1 Ibm | 1 Jazz For Service Management | 2025-10-03 | 4.3 Medium |
| IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | ||||
| CVE-2025-36099 | 1 Ibm | 1 Websphere Application Server | 2025-10-03 | 4.9 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources. | ||||
| CVE-2025-36352 | 1 Ibm | 1 License Metric Tool | 2025-10-03 | 6.4 Medium |
| IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36351 | 1 Ibm | 1 License Metric Tool | 2025-10-03 | 4.3 Medium |
| IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions. | ||||
| CVE-2025-36262 | 1 Ibm | 1 Planning Analytics Local | 2025-10-03 | 4.9 Medium |
| IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input. | ||||
| CVE-2025-36132 | 1 Ibm | 1 Planning Analytics Local | 2025-10-03 | 5.4 Medium |
| IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2023-50300 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-03 | 5.1 Medium |
| IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls. | ||||
| CVE-2023-49883 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-03 | 5.9 Medium |
| IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||||