Filtered by vendor Ibm
Total: 7897 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-1137 | 1 Ibm | 2 Spectrum Scale Container Native Storage Access, Storage Scale | 2025-09-29 | 7.5 High |
IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization. | ||||
CVE-2025-1095 | 4 Apple, Ibm, Linux and 1 more | 4 Macos, Personal Communications, Linux Kernel and 1 more | 2025-09-29 | 8.8 High |
IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029. | ||||
CVE-2024-52903 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-09-29 | 5.3 Medium |
IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
CVE-2024-47102 | 1 Ibm | 2 Aix, Vios | 2025-09-29 | 5.5 Medium |
IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. | ||||
CVE-2024-41757 | 1 Ibm | 1 Concert | 2025-09-29 | 5.9 Medium |
IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
CVE-2024-39750 | 1 Ibm | 1 Analytics Content Hub | 2025-09-29 | 8.8 High |
IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. | ||||
CVE-2024-35122 | 1 Ibm | 1 I | 2025-09-29 | 2.8 Low |
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file. | ||||
CVE-2024-31905 | 1 Ibm | 1 Qradar Network Packet Capture | 2025-09-29 | 5.9 Medium |
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
CVE-2024-27275 | 1 Ibm | 1 I | 2025-09-29 | 7.4 High |
IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. | ||||
CVE-2024-22316 | 1 Ibm | 1 Sterling File Gateway | 2025-09-29 | 4.3 Medium |
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. | ||||
CVE-2024-54175 | 1 Ibm | 1 Mq | 2025-09-26 | 5.5 Medium |
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. | ||||
CVE-2025-33116 | 1 Ibm | 1 Watson Studio On Cloud Pak For Data | 2025-09-26 | 4.4 Medium |
IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2025-36139 | 1 Ibm | 1 Watsonx.data | 2025-09-25 | 5.5 Medium |
IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2025-36146 | 1 Ibm | 1 Watsonx.data | 2025-09-25 | 4.3 Medium |
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. | ||||
CVE-2025-36143 | 1 Ibm | 1 Watsonx.data | 2025-09-25 | 4.7 Medium |
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. | ||||
CVE-2025-36082 | 1 Ibm | 2 Openpages, Openpages With Watson | 2025-09-24 | 4 Medium |
IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system. | ||||
CVE-2025-36174 | 1 Ibm | 1 Integrated Analytics System | 2025-09-23 | 8 High |
IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. | ||||
CVE-2025-36244 | 1 Ibm | 2 Aix, Vios | 2025-09-22 | 7.4 High |
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables. | ||||
CVE-2025-0164 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-09-20 | 2.3 Low |
IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment. | ||||
CVE-2024-47120 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2025-09-18 | 6.4 Medium |
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with unnecessary privileges. |