Filtered by vendor Ibm
Total: 7832 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-38272 | 1 Ibm | 1 Cloud Pak System | 2025-08-18 | 5.9 Medium |
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the network to obtain sensitive information from CLI arguments. | ||||
CVE-2024-38327 | 1 Ibm | 1 Analytics Content Hub | 2025-08-18 | 6.8 Medium |
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API. | ||||
CVE-2024-39752 | 1 Ibm | 1 Analytics Content Hub | 2025-08-18 | 6.8 Medium |
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and they can be sent to a victim for performing further attacks. | ||||
CVE-2025-3631 | 1 Ibm | 2 Mq, Mq Appliance | 2025-08-18 | 6.5 Medium |
An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. | ||||
CVE-2025-36104 | 1 Ibm | 2 Spectrum Scale Container Native Storage Access, Storage Scale | 2025-08-18 | 6.5 Medium |
IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol. | ||||
CVE-2025-33097 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-08-18 | 6.4 Medium |
IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2025-36097 | 1 Ibm | 1 Websphere Application Server | 2025-08-18 | 7.5 High |
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that causes the server to consume excessive memory resources. | ||||
CVE-2025-33014 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-18 | 5.4 Medium |
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 use a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victim's web browser. | ||||
CVE-2025-36107 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-08-18 | 5.9 Medium |
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data. | ||||
CVE-2025-36062 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-08-18 | 5.9 Medium |
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic. | ||||
CVE-2025-36106 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-08-18 | 6.5 Medium |
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application, which could then be used to access confidential information on the device or network, by using the deprecated or misconfigured AFNetworking library at runtime. | ||||
CVE-2025-36057 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-08-18 | 5.2 Medium |
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application. | ||||
CVE-2024-38335 | 1 Ibm | 2 Qradar Network Threat Analytics, Qradar Security Network Threat Analytics | 2025-08-18 | 4.5 Medium |
IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources. | ||||
CVE-2025-33077 | 1 Ibm | 2 Engineering Systems Design Rhapsody, Rhapsody Design Manager | 2025-08-18 | 8.8 High |
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system. | ||||
CVE-2025-33020 | 1 Ibm | 2 Engineering Systems Design Rhapsody, Rhapsody Design Manager | 2025-08-18 | 5.9 Medium |
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information. | ||||
CVE-2025-36116 | 1 Ibm | 1 Db2 Mirror For I | 2025-08-18 | 6.3 Medium |
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform. | ||||
CVE-2025-36117 | 1 Ibm | 1 Db2 Mirror For I | 2025-08-18 | 6.3 Medium |
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system. | ||||
CVE-2024-41751 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2025-08-18 | 5.5 Medium |
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local, authenticated attacker to bypass client-side enforcement of security to manipulate data. | ||||
CVE-2024-41750 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2025-08-18 | 5.5 Medium |
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local, authenticated attacker to bypass client-side enforcement of security to manipulate data. | ||||
CVE-2024-40686 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2025-08-18 | 5.4 Medium |
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. |