Filtered by vendor Ibm
Subscriptions
Total
7627 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27907 | 1 Ibm | 1 Websphere Application Server | 2025-04-23 | 4.1 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-1951 | 1 Ibm | 1 Power Hardware Management Console | 2025-04-23 | 8.4 High |
| IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges. | ||||
| CVE-2025-2987 | 1 Ibm | 1 Maximo Asset Management | 2025-04-23 | 3.8 Low |
| IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2022-34361 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2025-04-23 | 5.9 Medium |
| IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. | ||||
| CVE-2022-43867 | 2 Ibm, Linux | 2 Spectrum Scale Container Native Storage Access, Linux Kernel | 2025-04-23 | 7.8 High |
| IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437. | ||||
| CVE-2022-41735 | 1 Ibm | 1 Business Automation Workflow | 2025-04-22 | 5.4 Medium |
| IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687. | ||||
| CVE-2022-43581 | 1 Ibm | 1 Content Navigator | 2025-04-22 | 7.5 High |
| IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805. | ||||
| CVE-2022-41299 | 1 Ibm | 1 Cloud Transformation Advisor | 2025-04-22 | 4.4 Medium |
| IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214. | ||||
| CVE-2025-2947 | 1 Ibm | 1 I | 2025-04-22 | 7.2 High |
| IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system. | ||||
| CVE-2024-45651 | 1 Ibm | 1 Sterling Connect Direct Web Services | 2025-04-21 | 6.3 Medium |
| IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2024-49808 | 1 Ibm | 1 Sterling Connect Direct Web Services | 2025-04-21 | 6.3 Medium |
| IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions. | ||||
| CVE-2025-2950 | 1 Ibm | 1 I | 2025-04-21 | 5.4 Medium |
| IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior. | ||||
| CVE-2017-5638 | 7 Apache, Arubanetworks, Hp and 4 more | 13 Struts, Clearpass Policy Manager, Server Automation and 10 more | 2025-04-20 | 9.8 Critical |
| The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | ||||
| CVE-2017-3744 | 2 Ibm, Lenovo | 47 Bladecenter Hs22, Bladecenter Hs23, Bladecenter Hs23e and 44 more | 2025-04-20 | N/A |
| In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands. | ||||
| CVE-2017-3752 | 2 Ibm, Lenovo | 30 1\, 1g L2-7 Slb, Bladecenter and 27 more | 2025-04-20 | N/A |
| An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain. | ||||
| CVE-2017-1760 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | N/A |
| IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454. | ||||
| CVE-2017-1694 | 1 Ibm | 1 Integration Bus | 2025-04-20 | N/A |
| IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165. | ||||
| CVE-2017-1696 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | N/A |
| IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178. | ||||
| CVE-2017-1698 | 1 Ibm | 1 Websphere Portal | 2025-04-20 | N/A |
| IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. | ||||
| CVE-2017-1710 | 1 Ibm | 8 Flashsystem V9000, Flashsystem V9000 Firmware, San Volume Controller and 5 more | 2025-04-20 | N/A |
| A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531. | ||||