Filtered by vendor Ibm
Subscriptions
Total
7832 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56474 | 2 Ibm, Linux | 3 Aix, Txseries For Multiplatforms, Linux Kernel | 2025-07-16 | 4.3 Medium |
| IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2024-55909 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-07-16 | 6.5 Medium |
| IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption. | ||||
| CVE-2024-55910 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-07-16 | 6.5 Medium |
| IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2024-55912 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-07-16 | 5.9 Medium |
| IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2024-55913 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-07-16 | 5.3 Medium |
| IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2024-45638 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-16 | 4.1 Medium |
| IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. | ||||
| CVE-2024-45643 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-16 | 5.9 Medium |
| IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information. | ||||
| CVE-2024-51476 | 2 Ibm, Linux | 3 Concert, Concert Software, Linux Kernel | 2025-07-16 | 7.5 High |
| IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | ||||
| CVE-2024-41743 | 2 Ibm, Linux | 2 Txseries For Multiplatforms, Linux Kernel | 2025-07-16 | 7.5 High |
| IBM TXSeries for Multiplatforms 10.1 could allow a remote attacker to cause a denial of service using persistent connections due to improper allocation of resources. | ||||
| CVE-2024-41742 | 2 Ibm, Linux | 2 Txseries For Multiplatforms, Linux Kernel | 2025-07-16 | 7.5 High |
| IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. | ||||
| CVE-2024-45654 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-16 | 4.3 Medium |
| IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs. | ||||
| CVE-2024-45100 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-16 | 4.9 Medium |
| IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources. | ||||
| CVE-2024-45640 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-15 | 5.3 Medium |
| IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system. | ||||
| CVE-2024-56475 | 2 Ibm, Linux | 3 Aix, Txseries For Multiplatforms, Linux Kernel | 2025-07-15 | 5.4 Medium |
| IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-0154 | 2 Ibm, Linux | 3 Aix, Txseries For Multiplatforms, Linux Kernel | 2025-07-15 | 5.3 Medium |
| IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers. | ||||
| CVE-2024-56476 | 2 Ibm, Linux | 3 Aix, Txseries For Multiplatforms, Linux Kernel | 2025-07-15 | 5.3 Medium |
| IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy. | ||||
| CVE-2024-45641 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-15 | 6.5 Medium |
| IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation. | ||||
| CVE-2024-45644 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-15 | 4.7 Medium |
| IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment. | ||||
| CVE-2024-28766 | 1 Ibm | 2 Security Directory Integrator, Security Verify Directory Integrator | 2025-07-14 | 2.4 Low |
| IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system. | ||||
| CVE-2024-28770 | 1 Ibm | 2 Security Directory Integrator, Security Verify Directory Integrator | 2025-07-14 | 4.8 Medium |
| IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | ||||