Filtered by vendor Ibm
Subscriptions
Total
7683 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0917 | 1 Ibm | 1 Cognos Analytics | 2025-06-17 | 5.5 Medium |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-0923 | 1 Ibm | 1 Cognos Analytics | 2025-06-17 | 5.3 Medium |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system. | ||||
| CVE-2025-25032 | 1 Ibm | 1 Cognos Analytics | 2025-06-17 | 7.5 High |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources. | ||||
| CVE-2025-33108 | 1 Ibm | 1 I | 2025-06-17 | 8.5 High |
| IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to the host operating system. | ||||
| CVE-2025-1411 | 1 Ibm | 1 Security Verify Directory | 2025-06-17 | 7.8 High |
| IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges. | ||||
| CVE-2023-38738 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-06-16 | 6.8 Medium |
| IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. | ||||
| CVE-2024-23619 | 1 Ibm | 1 Merge Efilm Workstation | 2025-06-16 | 9.8 Critical |
| A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. | ||||
| CVE-2025-36041 | 1 Ibm | 1 Mq Operator | 2025-06-16 | 4.7 Medium |
| IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions. | ||||
| CVE-2025-3473 | 1 Ibm | 1 Security Guardium | 2025-06-14 | 6.7 Medium |
| IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program. | ||||
| CVE-2023-47717 | 1 Ibm | 1 Security Guardium | 2025-06-13 | 4.4 Medium |
| IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690. | ||||
| CVE-2025-33112 | 1 Ibm | 2 Aix, Vios | 2025-06-12 | 8.4 High |
| IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input. | ||||
| CVE-2025-0163 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-06-12 | 5.3 Medium |
| IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts. | ||||
| CVE-2023-38720 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-06-12 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616. | ||||
| CVE-2023-47145 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-06-11 | 8.4 High |
| IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. | ||||
| CVE-2022-43855 | 1 Ibm | 1 Spss Statistics | 2025-06-10 | 6.2 Medium |
| IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service. | ||||
| CVE-2024-22312 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-06-10 | 4.4 Medium |
| IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | ||||
| CVE-2023-50308 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2025-06-10 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. | ||||
| CVE-2025-3050 | 1 Ibm | 1 Db2 | 2025-06-09 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources. | ||||
| CVE-2025-2518 | 1 Ibm | 1 Db2 | 2025-06-09 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2024-49350 | 1 Ibm | 1 Db2 | 2025-06-09 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||