Filtered by vendor Ibm
Subscribe
Total
7810 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-36119 | 1 Ibm | 1 I | 2025-08-15 | N/A | 7.1 HIGH |
| IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator. | |||||
| CVE-2024-41779 | 1 Ibm | 1 Engineering Systems Design Rhapsody | 2025-08-15 | N/A | 9.8 CRITICAL |
| IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | |||||
| CVE-2024-41781 | 1 Ibm | 9 Power System E950, Power System E980, Power System H922 and 6 more | 2025-08-15 | N/A | 5.1 MEDIUM |
| IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore. | |||||
| CVE-2024-49353 | 1 Ibm | 1 Watson Assistant For Ibm Cloud Pak For Data | 2025-08-15 | N/A | 7.5 HIGH |
| IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash. | |||||
| CVE-2024-40681 | 1 Ibm | 2 Mq Operator, Supplied Mq Advanced Container Images | 2025-08-15 | N/A | 7.5 HIGH |
| IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. | |||||
| CVE-2024-43191 | 1 Ibm | 1 Cloud Pak For Multicloud Management Monitoring | 2025-08-15 | N/A | 7.2 HIGH |
| IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request. | |||||
| CVE-2025-23227 | 3 Ibm, Linux, Microsoft | 4 Aix, Tivoli Application Dependency Discovery Manager, Linux Kernel and 1 more | 2025-08-15 | N/A | 6.4 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-54176 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-15 | N/A | 4.3 MEDIUM |
| IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | |||||
| CVE-2025-36034 | 1 Ibm | 1 Infosphere Information Server | 2025-08-14 | N/A | 5.3 MEDIUM |
| IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques. | |||||
| CVE-2024-56339 | 1 Ibm | 1 Websphere Application Server | 2025-08-14 | N/A | 3.7 LOW |
| IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration. | |||||
| CVE-2023-38264 | 1 Ibm | 1 Java Software Development Kit | 2025-08-14 | N/A | 5.9 MEDIUM |
| The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578. | |||||
| CVE-2023-43040 | 1 Ibm | 1 Storage Fusion Hci | 2025-08-14 | N/A | 6.5 MEDIUM |
| IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807. | |||||
| CVE-2024-51461 | 1 Ibm | 1 Qradar Wincollect | 2025-08-14 | N/A | 4.3 MEDIUM |
| IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources. | |||||
| CVE-2024-22338 | 1 Ibm | 1 Security Verify Access Oidc Provider | 2025-08-14 | N/A | 4.0 MEDIUM |
| IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. | |||||
| CVE-2025-1998 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-14 | N/A | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user. | |||||
| CVE-2025-1997 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-14 | N/A | 5.4 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | |||||
| CVE-2024-49822 | 1 Ibm | 1 Qradar Advisor | 2025-08-14 | N/A | 4.1 MEDIUM |
| IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2024-38325 | 1 Ibm | 1 Storage Defender | 2025-08-14 | N/A | 5.9 MEDIUM |
| IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2024-31906 | 1 Ibm | 1 Automation Decision Services | 2025-08-14 | N/A | 6.2 MEDIUM |
| IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system. | |||||
| CVE-2024-41739 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2025-08-14 | N/A | 8.8 HIGH |
| IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion. | |||||