Skip to main content

IBM

5580 CVEs vendor

Monthly

CVE-2025-33089 MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials. [CVSS 6.5 MEDIUM]

IBM Concert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-27904 MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by cross-site request forgery (csrf) (CVSS 6.5).

IBM Linux Windows CSRF Db2 Recovery Expert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-27903 MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by cleartext transmission of sensitive information (CVSS 5.9).

IBM Linux Windows Db2 Recovery Expert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-27901 MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).

IBM Linux Windows XSS Db2 Recovery Expert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-27900 MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by url redirection to untrusted site (open redirect) (CVSS 6.8).

IBM Open Redirect Db2 Recovery Expert
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-27899 MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-27898 MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system. [CVSS 6.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-13108 MEDIUM This Month

Db2 Merge Backup versions up to 12.1.0.0 contains a vulnerability that allows attackers to access sensitive information in memory due to the buffer not properly clearing r (CVSS 5.5).

IBM Linux Windows Db2 Merge Backup
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-38265 MEDIUM This Month

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Cloud Pak System
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36019 MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. [CVSS 6.1 MEDIUM]

IBM XSS Concert
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-36018 MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. [CVSS 6.5 MEDIUM]

IBM CSRF Concert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12755 MEDIUM This Month

IBM MQ Operator (SC2 v3.2.0-3.8.1, LTS v2.0.0-2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x-9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. [CVSS 4.0 MEDIUM]

IBM
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-43178 MEDIUM This Month

Concert versions up to 2.1.0 is affected by use of a broken or risky cryptographic algorithm (CVSS 5.9).

IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-36425 MEDIUM This Month

Db2 versions up to 12.1.3 contains a vulnerability that allows attackers to an authenticated user to obtain sensitive information under specific HADR config (CVSS 5.3).

IBM Linux Windows Db2
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36247 HIGH This Week

Db2 versions up to 12.1.3 is affected by improper restriction of xml external entity reference (CVSS 7.1).

IBM Linux Windows XXE Db2
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-14689 MEDIUM This Month

Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to improper neutralizatio (CVSS 6.5).

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-13867 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14150 MEDIUM This Month

IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses. [CVSS 6.5 MEDIUM]

IBM
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13491 MEDIUM This Month

IBM App Connect Enterprise Certified Container versions up to 12.19.0 is affected by untrusted search path (CVSS 5.1).

IBM Information Disclosure
NVD VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-13379 HIGH This Week

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. [CVSS 8.6 HIGH]

IBM SQLi Aspera Console
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-51451 MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).

IBM XSS Concert
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-43181 MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. [CVSS 6.3 MEDIUM]

IBM Concert
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-40685 MEDIUM This Month

Log Analysis versions 1.3.5.0 versions up to 1.3.8.3 is affected by cross-site request forgery (csrf) (CVSS 4.3).

IBM Industrial CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-2134 LOW Monitor

Jazz Reporting Service versions up to 7.0.3 contains a vulnerability that allows attackers to an authenticated user on the network to affect the system's performance using co (CVSS 3.5).

IBM
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-27550 LOW Monitor

Jazz Reporting Service versions up to 7.0.3 contains a vulnerability that allows attackers to an authenticated user on the host network to obtain sensitive information about (CVSS 3.5).

IBM
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-1823 LOW Monitor

Jazz Reporting Service versions up to 7.0.3 is affected by allocation of resources without limits or throttling (CVSS 3.5).

IBM Denial Of Service
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-13375 CRITICAL Act Now

IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 allows unauthenticated users to execute certain cryptographic operations that should require elevated privileges.

IBM
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-39724 MEDIUM This Month

IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service. [CVSS 5.3 MEDIUM]

IBM Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-38281 MEDIUM This Month

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. [CVSS 5.3 MEDIUM]

IBM Os Image For Red Hat Linux Systems Cloud Pak System
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-38017 MEDIUM This Month

IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.3 MEDIUM]

IBM XSS Cloud Pak System Os Image For Red Hat Linux Systems
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-38010 MEDIUM This Month

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Cloud Pak System Os Image For Red Hat Linux Systems
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36094 MEDIUM This Month

Cloud Pak For Business Automation versions up to 24.0.0 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service or corrupt existing data due (CVSS 5.4).

IBM Denial Of Service Cloud Pak For Business Automation
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-36033 MEDIUM This Month

Engineering Lifecycle Management versions up to 7.0.3 is affected by cross-site scripting (xss) (CVSS 5.4).

IBM XSS Engineering Lifecycle Management
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-33081 LOW Monitor

IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user. [CVSS 3.3 LOW]

IBM
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-36436 MEDIUM This Month

Cloud Pak For Business Automation versions up to 24.0.0 is affected by cross-site scripting (xss) (CVSS 6.4).

IBM XSS Cloud Pak For Business Automation
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-36253 MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to decrypt highly sensitive information (CVSS 5.9).

IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-36238 MEDIUM This Month

Powervm Hypervisor versions up to fw950.00 contains a vulnerability that allows attackers to a local user with administration privileges to obtain sensitive information from (CVSS 6.0).

IBM Powervm Hypervisor
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-36194 LOW Monitor

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations. [CVSS 2.8 LOW]

IBM
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2025-13096 HIGH This Week

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. [CVSS 7.1 HIGH]

IBM XXE Business Automation Workflow
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-15395 MEDIUM This Month

IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability. [CVSS 4.3 MEDIUM]

IBM Jazz Foundation
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-14914 HIGH This Week

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution. [CVSS 7.6 HIGH]

IBM Path Traversal Websphere Application Server RCE
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-36442 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns. [CVSS 6.5 MEDIUM]

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36428 MEDIUM PATCH This Month

Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to improper neutralizatio (CVSS 5.3).

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36427 MEDIUM PATCH This Month

Db2 contains a vulnerability that allows attackers to cause a denial of service due to insufficient validation of special elements in (CVSS 6.5).

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36424 MEDIUM PATCH This Month

Db2 contains a vulnerability that allows attackers to cause a denial of service due to improper neutralization of special elements in (CVSS 6.5).

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36423 MEDIUM PATCH This Month

Db2 contains a vulnerability that allows attackers to a local user to cause a denial of service due to improper neutralization of spec (CVSS 6.5).

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36407 MEDIUM PATCH This Month

IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. [CVSS 6.5 MEDIUM]

IBM Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36387 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query. [CVSS 6.5 MEDIUM]

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36384 HIGH PATCH This Week

Db2 contains a vulnerability that allows attackers to a local user with filesystem access to escalate their privileges due to the use (CVSS 8.4).

IBM Windows Db2
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-36366 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination. [CVSS 6.5 MEDIUM]

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36365 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key. [CVSS 6.8 MEDIUM]

IBM Linux Windows Db2
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-36353 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic. [CVSS 6.2 MEDIUM]

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-36184 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level. [CVSS 7.2 HIGH]

IBM Linux Windows Db2
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-36123 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources. [CVSS 6.2 MEDIUM]

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-36098 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources. [CVSS 6.5 MEDIUM]

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36070 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. [CVSS 6.5 MEDIUM]

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36009 MEDIUM This Month

Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to excessive use of a glo (CVSS 6.5).

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36001 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion. [CVSS 6.5 MEDIUM]

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-2668 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query. [CVSS 6.5 MEDIUM]

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36419 MEDIUM This Month

IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Applinx
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36418 HIGH This Week

Applinx versions up to 11.1.0 is affected by improper verification of cryptographic signature (CVSS 7.3).

IBM Privilege Escalation Applinx
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-36411 LOW Monitor

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. [CVSS 3.5 LOW]

IBM CSRF
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-36410 LOW Monitor

Applinx versions up to 11.1.0 contains a vulnerability that allows attackers to an authenticated user to perform unauthorized administrative actions on the serv (CVSS 3.1).

IBM
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-36409 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.4 MEDIUM]

IBM XSS Applinx
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36408 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 6.4 MEDIUM]

IBM XSS Applinx
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-36397 MEDIUM This Month

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. [CVSS 5.4 MEDIUM]

IBM Application Gateway
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36396 MEDIUM This Month

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.4 MEDIUM]

IBM XSS Application Gateway
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36115 MEDIUM This Month

Sterling Connect\ versions up to express_adapter_for_sterling_b2b_integrator is affected by session fixation (CVSS 6.3).

IBM
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-36113 MEDIUM This Month

Sterling Connect\ versions up to express_adapter_for_sterling_b2b_integrator is affected by cross-site scripting (xss) (CVSS 5.4).

IBM XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36066 MEDIUM This Month

Sterling Connect\ versions up to express_adapter_for_sterling_b2b_integrator is affected by cross-site scripting (xss) (CVSS 6.1).

IBM XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-36065 MEDIUM This Month

Sterling Connect\ versions up to express_adapter_for_sterling_b2b_integrator is affected by insufficient session expiration (CVSS 6.3).

IBM
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-36063 MEDIUM This Month

Sterling Connect\ versions up to express_adapter_for_sterling_b2b_integrator is affected by insufficient session expiration (CVSS 6.3).

IBM
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-36059 MEDIUM This Month

Business Automation Workflow versions up to 24.0.0 is affected by execution with unnecessary privileges (CVSS 4.7).

IBM Business Automation Workflow
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-36058 MEDIUM This Month

Business Automation Workflow versions up to 24.0.0 is affected by insertion of sensitive information into externally-accessible file (CVSS 5.5).

IBM Business Automation Workflow
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-33015 HIGH This Week

Concert versions up to 2.1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

IBM Concert
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-1722 MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to a remote attacker to obtain sensitive information from allocated memory due to i (CVSS 5.9).

IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-1719 MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to a remote attacker to obtain sensitive information from allocated memory due to i (CVSS 5.9).

IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-14115 HIGH This Week

Direct for UNIX Container 6.3.0.0 versions up to 6.3.0.6 is affected by use of hard-coded credentials (CVSS 8.4).

IBM
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-13925 MEDIUM This Month

Aspera Console versions up to 3.4.7 is affected by insertion of sensitive information into log file (CVSS 4.9).

IBM Aspera Console
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-12985 HIGH This Week

IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image. [CVSS 8.4 HIGH]

IBM
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-71134 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible.

Linux Information Disclosure IBM Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-36140 MEDIUM This Month

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.

IBM Denial Of Service Watsonx.Data
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-64650 MEDIUM This Month

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.

IBM Information Disclosure Storage Defender Resiliency Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36102 LOW Monitor

A remote code execution vulnerability (CVSS 2.7) that allows a privileged user. Remediation should follow standard vulnerability management procedures.

IBM Authentication Bypass
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-36017 MEDIUM This Month

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user.

IBM Information Disclosure Controller
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36015 MEDIUM This Month

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input.

IBM Denial Of Service Controller Cognos Controller
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-33111 MEDIUM This Month

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks.

IBM Information Disclosure Controller Cognos Controller
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12832 MEDIUM This Month

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

IBM SSRF Infosphere Information Server
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-12635 MEDIUM This Month

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-45675 HIGH This Week

CVE-2024-45675 is a security vulnerability (CVSS 8.4) that allows a local user. High severity vulnerability requiring prompt remediation.

Information Disclosure IBM Informix Dynamic Server
NVD
CVSS 3.1
8.4
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials. [CVSS 6.5 MEDIUM]

IBM Concert
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by cross-site request forgery (csrf) (CVSS 6.5).

IBM Linux Windows +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by cleartext transmission of sensitive information (CVSS 5.9).

IBM Linux Windows +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by url redirection to untrusted site (open redirect) (CVSS 6.8).

IBM Open Redirect Db2 Recovery Expert
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system. [CVSS 6.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Db2 Merge Backup versions up to 12.1.0.0 contains a vulnerability that allows attackers to access sensitive information in memory due to the buffer not properly clearing r (CVSS 5.5).

IBM Linux Windows +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Cloud Pak System
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. [CVSS 6.1 MEDIUM]

IBM XSS Concert
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. [CVSS 6.5 MEDIUM]

IBM CSRF Concert
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

IBM MQ Operator (SC2 v3.2.0-3.8.1, LTS v2.0.0-2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x-9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. [CVSS 4.0 MEDIUM]

IBM
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Concert versions up to 2.1.0 is affected by use of a broken or risky cryptographic algorithm (CVSS 5.9).

IBM Concert
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Db2 versions up to 12.1.3 contains a vulnerability that allows attackers to an authenticated user to obtain sensitive information under specific HADR config (CVSS 5.3).

IBM Linux Windows +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Db2 versions up to 12.1.3 is affected by improper restriction of xml external entity reference (CVSS 7.1).

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to improper neutralizatio (CVSS 6.5).

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses. [CVSS 6.5 MEDIUM]

IBM
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

IBM App Connect Enterprise Certified Container versions up to 12.19.0 is affected by untrusted search path (CVSS 5.1).

IBM Information Disclosure
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. [CVSS 8.6 HIGH]

IBM SQLi Aspera Console
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).

IBM XSS Concert
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. [CVSS 6.3 MEDIUM]

IBM Concert
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Log Analysis versions 1.3.5.0 versions up to 1.3.8.3 is affected by cross-site request forgery (csrf) (CVSS 4.3).

IBM Industrial CSRF
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Jazz Reporting Service versions up to 7.0.3 contains a vulnerability that allows attackers to an authenticated user on the network to affect the system's performance using co (CVSS 3.5).

IBM
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Jazz Reporting Service versions up to 7.0.3 contains a vulnerability that allows attackers to an authenticated user on the host network to obtain sensitive information about (CVSS 3.5).

IBM
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Jazz Reporting Service versions up to 7.0.3 is affected by allocation of resources without limits or throttling (CVSS 3.5).

IBM Denial Of Service
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 allows unauthenticated users to execute certain cryptographic operations that should require elevated privileges.

IBM
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service. [CVSS 5.3 MEDIUM]

IBM Denial Of Service
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. [CVSS 5.3 MEDIUM]

IBM Os Image For Red Hat Linux Systems Cloud Pak System
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.3 MEDIUM]

IBM XSS Cloud Pak System +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Cloud Pak System Os Image For Red Hat Linux Systems
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cloud Pak For Business Automation versions up to 24.0.0 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service or corrupt existing data due (CVSS 5.4).

IBM Denial Of Service Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Engineering Lifecycle Management versions up to 7.0.3 is affected by cross-site scripting (xss) (CVSS 5.4).

IBM XSS Engineering Lifecycle Management
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user. [CVSS 3.3 LOW]

IBM
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Cloud Pak For Business Automation versions up to 24.0.0 is affected by cross-site scripting (xss) (CVSS 6.4).

IBM XSS Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to decrypt highly sensitive information (CVSS 5.9).

IBM Concert
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Powervm Hypervisor versions up to fw950.00 contains a vulnerability that allows attackers to a local user with administration privileges to obtain sensitive information from (CVSS 6.0).

IBM Powervm Hypervisor
NVD
EPSS 0% CVSS 2.8
LOW Monitor

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations. [CVSS 2.8 LOW]

IBM
NVD
EPSS 0% CVSS 7.1
HIGH This Week

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. [CVSS 7.1 HIGH]

IBM XXE Business Automation Workflow
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability. [CVSS 4.3 MEDIUM]

IBM Jazz Foundation
NVD
EPSS 0% CVSS 7.6
HIGH This Week

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution. [CVSS 7.6 HIGH]

IBM Path Traversal Websphere Application Server +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns. [CVSS 6.5 MEDIUM]

IBM Linux Windows +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to improper neutralizatio (CVSS 5.3).

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Db2 contains a vulnerability that allows attackers to cause a denial of service due to insufficient validation of special elements in (CVSS 6.5).

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Db2 contains a vulnerability that allows attackers to cause a denial of service due to improper neutralization of special elements in (CVSS 6.5).

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Db2 contains a vulnerability that allows attackers to a local user to cause a denial of service due to improper neutralization of spec (CVSS 6.5).

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. [CVSS 6.5 MEDIUM]

IBM Denial Of Service Db2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query. [CVSS 6.5 MEDIUM]

IBM Linux Windows +2
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Db2 contains a vulnerability that allows attackers to a local user with filesystem access to escalate their privileges due to the use (CVSS 8.4).

IBM Windows Db2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination. [CVSS 6.5 MEDIUM]

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key. [CVSS 6.8 MEDIUM]

IBM Linux Windows +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic. [CVSS 6.2 MEDIUM]

IBM Linux Windows +2
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level. [CVSS 7.2 HIGH]

IBM Linux Windows +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources. [CVSS 6.2 MEDIUM]

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources. [CVSS 6.5 MEDIUM]

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. [CVSS 6.5 MEDIUM]

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to excessive use of a glo (CVSS 6.5).

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion. [CVSS 6.5 MEDIUM]

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query. [CVSS 6.5 MEDIUM]

IBM Linux Windows +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Applinx
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Applinx versions up to 11.1.0 is affected by improper verification of cryptographic signature (CVSS 7.3).

IBM Privilege Escalation Applinx
NVD
EPSS 0% CVSS 3.5
LOW Monitor

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. [CVSS 3.5 LOW]

IBM CSRF
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Applinx versions up to 11.1.0 contains a vulnerability that allows attackers to an authenticated user to perform unauthorized administrative actions on the serv (CVSS 3.1).

IBM
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.4 MEDIUM]

IBM XSS Applinx
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 6.4 MEDIUM]

IBM XSS Applinx
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. [CVSS 5.4 MEDIUM]

IBM Application Gateway
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.4 MEDIUM]

IBM XSS Application Gateway
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Sterling Connect\ versions up to express_adapter_for_sterling_b2b_integrator is affected by session fixation (CVSS 6.3).

IBM
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Sterling Connect\ versions up to express_adapter_for_sterling_b2b_integrator is affected by cross-site scripting (xss) (CVSS 5.4).

IBM XSS
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Sterling Connect\ versions up to express_adapter_for_sterling_b2b_integrator is affected by cross-site scripting (xss) (CVSS 6.1).

IBM XSS
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Sterling Connect\ versions up to express_adapter_for_sterling_b2b_integrator is affected by insufficient session expiration (CVSS 6.3).

IBM
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Sterling Connect\ versions up to express_adapter_for_sterling_b2b_integrator is affected by insufficient session expiration (CVSS 6.3).

IBM
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Business Automation Workflow versions up to 24.0.0 is affected by execution with unnecessary privileges (CVSS 4.7).

IBM Business Automation Workflow
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Business Automation Workflow versions up to 24.0.0 is affected by insertion of sensitive information into externally-accessible file (CVSS 5.5).

IBM Business Automation Workflow
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Concert versions up to 2.1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

IBM Concert
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to a remote attacker to obtain sensitive information from allocated memory due to i (CVSS 5.9).

IBM Concert
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to a remote attacker to obtain sensitive information from allocated memory due to i (CVSS 5.9).

IBM Concert
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Direct for UNIX Container 6.3.0.0 versions up to 6.3.0.6 is affected by use of hard-coded credentials (CVSS 8.4).

IBM
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Aspera Console versions up to 3.4.7 is affected by insertion of sensitive information into log file (CVSS 4.9).

IBM Aspera Console
NVD
EPSS 0% CVSS 8.4
HIGH This Week

IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image. [CVSS 8.4 HIGH]

IBM
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible.

Linux Information Disclosure IBM +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.

IBM Denial Of Service Watsonx.Data
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.

IBM Information Disclosure Storage Defender Resiliency Service
NVD
EPSS 0% CVSS 2.7
LOW Monitor

A remote code execution vulnerability (CVSS 2.7) that allows a privileged user. Remediation should follow standard vulnerability management procedures.

IBM Authentication Bypass
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user.

IBM Information Disclosure Controller
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input.

IBM Denial Of Service Controller +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks.

IBM Information Disclosure Controller +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

IBM SSRF Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.

IBM XSS Websphere Application Server
NVD
EPSS 0% CVSS 8.4
HIGH This Week

CVE-2024-45675 is a security vulnerability (CVSS 8.4) that allows a local user. High severity vulnerability requiring prompt remediation.

Information Disclosure IBM Informix Dynamic Server
NVD
Prev Page 4 of 62 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy