Filtered by vendor Ibm
Subscriptions
Total
8109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36134 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-12-01 | 3.7 Low |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. | ||||
| CVE-2024-49790 | 1 Ibm | 2 Watson Assistant For Ibm Cloud Pak For Data, Watson Studio On Cloud Pak For Data | 2025-11-26 | 5.4 Medium |
| IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-33110 | 1 Ibm | 2 Openpages, Openpages With Watson | 2025-11-24 | 5.4 Medium |
| IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
| CVE-2025-36371 | 1 Ibm | 1 I | 2025-11-24 | 6.5 Medium |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view. | ||||
| CVE-2025-36161 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-11-24 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-36153 | 1 Ibm | 1 Concert | 2025-11-21 | 6.1 Medium |
| IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36158 | 1 Ibm | 1 Concert | 2025-11-21 | 5.1 Medium |
| IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying. | ||||
| CVE-2025-36159 | 1 Ibm | 1 Concert | 2025-11-21 | 6.2 Medium |
| IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output. | ||||
| CVE-2025-36160 | 1 Ibm | 1 Concert | 2025-11-21 | 5.3 Medium |
| IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system. | ||||
| CVE-2025-36386 | 1 Ibm | 1 Maximo Application Suite | 2025-11-21 | 9.8 Critical |
| IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. | ||||
| CVE-2025-36236 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | 8.2 High |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system. | ||||
| CVE-2024-47118 | 1 Ibm | 1 Db2 | 2025-11-19 | 6.5 Medium |
| IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2025-2534 | 1 Ibm | 1 Db2 | 2025-11-19 | 5.3 Medium |
| IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2025-33012 | 1 Ibm | 1 Db2 | 2025-11-19 | 6.3 Medium |
| IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date. | ||||
| CVE-2025-36006 | 1 Ibm | 1 Db2 | 2025-11-19 | 6.5 Medium |
| IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use. | ||||
| CVE-2025-36008 | 1 Ibm | 1 Db2 | 2025-11-19 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources. | ||||
| CVE-2025-36131 | 1 Ibm | 1 Db2 | 2025-11-19 | 4.6 Medium |
| IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system. | ||||
| CVE-2025-36136 | 1 Ibm | 1 Db2 | 2025-11-19 | 5.1 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions. | ||||
| CVE-2025-36299 | 1 Ibm | 2 Planning Analytics Local, Planning Analytics Workspace | 2025-11-19 | 4.3 Medium |
| IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system. | ||||
| CVE-2025-36223 | 1 Ibm | 1 Openpages | 2025-11-18 | 5.4 Medium |
| IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | ||||