Filtered by vendor Ibm
Subscriptions
Total
7904 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38720 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-06-12 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616. | ||||
| CVE-2023-47145 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-06-11 | 8.4 High |
| IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. | ||||
| CVE-2022-43855 | 1 Ibm | 1 Spss Statistics | 2025-06-10 | 6.2 Medium |
| IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service. | ||||
| CVE-2024-22312 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-06-10 | 4.4 Medium |
| IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | ||||
| CVE-2023-50308 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2025-06-10 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. | ||||
| CVE-2023-50933 | 1 Ibm | 1 Powersc | 2025-06-03 | 6.1 Medium |
| IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113. | ||||
| CVE-2023-45190 | 1 Ibm | 1 Engineering Lifecycle Optimization | 2025-06-03 | 5.1 Medium |
| IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. | ||||
| CVE-2023-31002 | 1 Ibm | 1 Security Access Manager Container | 2025-06-03 | 5.1 Medium |
| IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | ||||
| CVE-2024-23621 | 1 Ibm | 1 Merge Efilm Workstation | 2025-06-03 | 10 Critical |
| A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. | ||||
| CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2025-06-03 | 6.5 Medium |
| IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. | ||||
| CVE-2023-31001 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-06-03 | 5.1 Medium |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653. | ||||
| CVE-2023-40699 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-06-03 | 7.5 High |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161. | ||||
| CVE-2024-22317 | 1 Ibm | 1 App Connect Enterprise | 2025-06-02 | 9.1 Critical |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143. | ||||
| CVE-2023-40683 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-05-30 | 8.8 High |
| IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. | ||||
| CVE-2023-47152 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2025-05-30 | 5.9 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. | ||||
| CVE-2023-47158 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2025-05-30 | 5.3 Medium |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750. | ||||
| CVE-2023-38003 | 1 Ibm | 1 Db2 | 2025-05-29 | 7.2 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214. | ||||
| CVE-2022-40616 | 1 Ibm | 1 Maximo Asset Management | 2025-05-28 | 8.1 High |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311. | ||||
| CVE-2023-28523 | 1 Ibm | 2 Informix Dynamic Server, Informix Dynamic Server On Cloud Pak For Data | 2025-05-27 | 8.4 High |
| IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753. | ||||
| CVE-2022-34348 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2025-05-22 | 7.1 High |
| IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017. | ||||