Filtered by vendor Ibm
Subscriptions
Total
7964 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36149 | 1 Ibm | 1 Concert | 2025-11-21 | 6.3 Medium |
| IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim. | ||||
| CVE-2025-36153 | 1 Ibm | 1 Concert | 2025-11-21 | 6.1 Medium |
| IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36158 | 1 Ibm | 1 Concert | 2025-11-21 | 5.1 Medium |
| IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying. | ||||
| CVE-2025-36159 | 1 Ibm | 1 Concert | 2025-11-21 | 6.2 Medium |
| IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output. | ||||
| CVE-2025-36160 | 1 Ibm | 1 Concert | 2025-11-21 | 5.3 Medium |
| IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system. | ||||
| CVE-2025-36072 | 1 Ibm | 1 Webmethods Integration | 2025-11-21 | 8.8 High |
| IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data. | ||||
| CVE-2025-36371 | 1 Ibm | 1 I | 2025-11-21 | 6.5 Medium |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view. | ||||
| CVE-2025-36161 | 1 Ibm | 1 Concert | 2025-11-21 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-36386 | 1 Ibm | 1 Maximo Application Suite | 2025-11-21 | 9.8 Critical |
| IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. | ||||
| CVE-2025-36096 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | 9 Critical |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques. | ||||
| CVE-2025-36236 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | 8.2 High |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system. | ||||
| CVE-2025-36250 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | 10 Critical |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346. | ||||
| CVE-2025-36251 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | 9.6 Critical |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347. | ||||
| CVE-2024-47118 | 1 Ibm | 1 Db2 | 2025-11-19 | 6.5 Medium |
| IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2025-2534 | 1 Ibm | 1 Db2 | 2025-11-19 | 5.3 Medium |
| IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2025-33012 | 1 Ibm | 1 Db2 | 2025-11-19 | 6.3 Medium |
| IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date. | ||||
| CVE-2025-36006 | 1 Ibm | 1 Db2 | 2025-11-19 | 6.5 Medium |
| IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use. | ||||
| CVE-2025-36008 | 1 Ibm | 1 Db2 | 2025-11-19 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources. | ||||
| CVE-2025-36131 | 1 Ibm | 1 Db2 | 2025-11-19 | 4.6 Medium |
| IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system. | ||||
| CVE-2025-36136 | 1 Ibm | 1 Db2 | 2025-11-19 | 5.1 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions. | ||||