Skip to main content

IBM

5580 CVEs vendor

Monthly

CVE-2025-36134 LOW Monitor

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-36150 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-36112 MEDIUM This Month

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-12740 HIGH This Month

A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM
NVD
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-36149 MEDIUM This Month

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Concert
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-36072 HIGH This Month

IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE IBM Webmethods Integration
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-36160 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-36159 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-36158 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-36153 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Concert
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-36161 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-36371 MEDIUM This Month

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-36118 HIGH This Month

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Storage Virtualize
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-36357 HIGH This Month

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Planning Analytics Local Planning Analytics Workspace
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-36299 MEDIUM Monitor

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Planning Analytics Local Planning Analytics Workspace
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-36251 CRITICAL This Week

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-36250 CRITICAL This Week

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-36236 HIGH This Month

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM Vios Aix
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-36096 CRITICAL This Week

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Vios Aix
NVD
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-33119 MEDIUM This Month

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36223 MEDIUM This Month

IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Openpages
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-27368 MEDIUM Monitor

IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Openpages
NVD
CVSS 3.1
4.3
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop dl_server before CPU goes offline IBM CI tool reported kernel warning[1] when running a CPU removal operation. No vendor patch available.

Linux Information Disclosure IBM Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix potential deadlock while nr_requests grown Allocate and free sched_tags while queue is freezed can deadlock[1], this is. No vendor patch available.

Linux Information Disclosure IBM Linux Kernel
NVD
EPSS
0.0%
CVE-2025-33150 MEDIUM This Month

IBM Cognos Analytics Certified Containers 12.1.0 could disclose package parameter information due to the presence of hidden pages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure IBM Cognos Analytics Certified Containers
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36186 HIGH This Month

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Privilege Escalation IBM Db2 Windows
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-36185 MEDIUM This Month

IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Nosql Injection IBM Db2 +1
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-36136 MEDIUM This Month

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Microsoft IBM Db2 Windows
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-36135 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36131 MEDIUM Monitor

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft IBM Db2 Windows
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-36008 MEDIUM This Month

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2 Windows
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-36006 MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft IBM Db2 Windows
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-33012 MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Db2
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-2534 MEDIUM This Month

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Microsoft IBM Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-47118 MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow IBM Microsoft Denial Of Service +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-33110 MEDIUM This Month

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Openpages
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-36054 MEDIUM PATCH This Month

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Process Federation Server
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-36172 MEDIUM This Month

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0.1 Interim Fix 004, 24.0.0 through 24.0.0 Interim Fix 006, and earlier unsupported releases IBM. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-12531 HIGH This Month

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Infosphere Information Server
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-36093 MEDIUM Monitor

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-36092 MEDIUM This Month

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-36091 MEDIUM Monitor

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-36367 HIGH This Month

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-50300 MEDIUM This Month

IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.

Authentication Bypass IBM Transformation Extender Advanced
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2023-49883 MEDIUM This Month

CVE-2023-49883 is a security vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Transformation Extender Advanced
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-49881 MEDIUM This Month

IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

Information Disclosure IBM Transformation Extender Advanced
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2023-50301 LOW Monitor

IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.

Information Disclosure IBM
NVD
CVSS 3.1
1.9
EPSS
0.0%
CVE-2025-36262 MEDIUM This Month

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Planning Analytics Local
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-36132 MEDIUM This Month

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36245 HIGH This Month

IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-36099 MEDIUM Monitor

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Application Server
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-36352 MEDIUM This Month

IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS License Metric Tool
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-36351 MEDIUM Monitor

IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM License Metric Tool
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-36239 MEDIUM This Month

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Storage Ts4500 Library Firmware Diamondback Tape Library Firmware
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-43192 MEDIUM This Month

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Storage Ts4500 Library Firmware Diamondback Tape Library Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36144 LOW Monitor

IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Watsonx Data
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-36326 LOW Monitor

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Cognos Controller Controller
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-36274 HIGH PATCH This Week

IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Aspera Http Gateway
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-33116 MEDIUM PATCH Monitor

IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Watson Studio
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-36064 MEDIUM This Month

IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Microsoft Information Disclosure Sterling Connect Windows
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-36202 HIGH This Month

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Webmethods Integration
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-36037 MEDIUM This Month

IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Webmethods Integration
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36248 MEDIUM This Month

IBM Copy Services Manager 6.3.13 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Copy Services Manager
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-36146 MEDIUM Monitor

IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Watsonx Data
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-36143 MEDIUM Monitor

IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Watsonx Data
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-36139 MEDIUM This Month

IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Watsonx Data
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-53326 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc: Don't try to copy PPR for task with NULL pt_regs powerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference IBM Linux Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-36244 HIGH This Month

IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Vios Aix
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-36082 MEDIUM Monitor

IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Openpages
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-36035 MEDIUM This Month

IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Powervm Hypervisor
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-0164 LOW Monitor

IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2025-36222 HIGH This Week

IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Storage Fusion Storage Fusion Hci Storage Fusion Hci For Watsonx
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-39776 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: clear page table entries at destroy_args() The mm/debug_vm_pagetable test allocates manually page table. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Use After Free IBM Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-47120 MEDIUM This Month

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with. Rated medium severity (CVSS 6.4). No vendor patch available.

IBM Privilege Escalation Security Verify Information Queue
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2024-45671 MEDIUM This Month

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Verify Information Queue
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-45669 MEDIUM This Month

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a remote user to cause a denial of service due to improper handling of special characters that could lead to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Security Verify Information Queue
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-36125 MEDIUM This Month

IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Hardware Management Console
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-36011 MEDIUM Monitor

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz For Service Management
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-42958 CRITICAL Act Now

Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP IBM Privilege Escalation
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-1761 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption IBM Information Disclosure Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-36100 MEDIUM PATCH This Month

IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Information Disclosure IBM Java Mq
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-2694 MEDIUM Monitor

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-2667 LOW Monitor

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-25048 MEDIUM PATCH This Month

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Jazz Foundation
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-43184 MEDIUM PATCH This Month

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz Foundation
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-36193 HIGH This Week

IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Transformation Advisor
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-36162 MEDIUM Monitor

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Devops Deploy
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-33102 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-33099 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-33084 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
EPSS 0% CVSS 3.7
LOW Monitor

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Sterling B2b Integrator +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Concert
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling B2b Integrator +1
NVD
EPSS 0% CVSS 7.7
HIGH This Month

A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Concert
NVD
EPSS 1% CVSS 8.8
HIGH This Month

IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE IBM +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Concert
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Concert
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure IBM Concert
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Concert
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Concert
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM
NVD
EPSS 0% CVSS 7.5
HIGH This Month

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Storage Virtualize
NVD
EPSS 0% CVSS 8.0
HIGH This Month

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Planning Analytics Local +1
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Planning Analytics Local +1
NVD
EPSS 0% CVSS 9.6
CRITICAL This Week

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Vios +1
NVD
EPSS 0% CVSS 10.0
CRITICAL This Week

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Vios +1
NVD
EPSS 0% CVSS 8.2
HIGH This Month

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM Vios +1
NVD
EPSS 0% CVSS 9.0
CRITICAL This Week

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Vios +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Openpages
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Openpages
NVD
EPSS 0%

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop dl_server before CPU goes offline IBM CI tool reported kernel warning[1] when running a CPU removal operation. No vendor patch available.

Linux Information Disclosure IBM +1
NVD
EPSS 0%

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix potential deadlock while nr_requests grown Allocate and free sched_tags while queue is freezed can deadlock[1], this is. No vendor patch available.

Linux Information Disclosure IBM +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Cognos Analytics Certified Containers 12.1.0 could disclose package parameter information due to the presence of hidden pages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure IBM +1
NVD
EPSS 0% CVSS 7.4
HIGH This Month

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Privilege Escalation IBM +2
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Nosql Injection +3
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Microsoft IBM +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator +1
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft IBM +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft IBM +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Db2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Microsoft IBM +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow IBM +4
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Openpages
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0.1 Interim Fix 004, 24.0.0 through 24.0.0 Interim Fix 006, and earlier unsupported releases IBM. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 7.1
HIGH This Month

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Infosphere Information Server
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 8.8
HIGH This Month

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Privilege Escalation
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.

Authentication Bypass IBM Transformation Extender Advanced
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

CVE-2023-49883 is a security vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Transformation Extender Advanced
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

Information Disclosure IBM Transformation Extender Advanced
NVD
EPSS 0% CVSS 1.9
LOW Monitor

IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.

Information Disclosure IBM
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Planning Analytics Local
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
EPSS 0% CVSS 8.8
HIGH This Month

IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Infosphere Information Server
NVD
EPSS 0% CVSS 4.9
MEDIUM Monitor

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Application Server
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS License Metric Tool
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM License Metric Tool
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Storage Ts4500 Library Firmware +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Storage Ts4500 Library Firmware +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Watsonx Data
NVD
EPSS 0% CVSS 3.7
LOW Monitor

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Cognos Controller +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Aspera Http Gateway
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH Monitor

IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Watson Studio
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Microsoft Information Disclosure +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Webmethods Integration
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Webmethods Integration
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Copy Services Manager 6.3.13 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Copy Services Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Watsonx Data
NVD
EPSS 0% CVSS 4.7
MEDIUM Monitor

IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Watsonx Data
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Watsonx Data
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc: Don't try to copy PPR for task with NULL pt_regs powerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference IBM +4
NVD
EPSS 0% CVSS 7.4
HIGH This Month

IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Vios +1
NVD
EPSS 0% CVSS 4.0
MEDIUM Monitor

IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Openpages
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Powervm Hypervisor
NVD
EPSS 0% CVSS 2.3
LOW Monitor

IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass IBM Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 8.7
HIGH This Week

IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Storage Fusion +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: clear page table entries at destroy_args() The mm/debug_vm_pagetable test allocates manually page table. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Use After Free +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with. Rated medium severity (CVSS 6.4). No vendor patch available.

IBM Privilege Escalation Security Verify Information Queue
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Verify Information Queue
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a remote user to cause a denial of service due to improper handling of special characters that could lead to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Security Verify Information Queue
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Hardware Management Console
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz For Service Management
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP IBM +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption IBM Information Disclosure +1
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Information Disclosure IBM Java +1
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator +1
NVD
EPSS 0% CVSS 2.7
LOW Monitor

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Jazz Foundation
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz Foundation
NVD
EPSS 0% CVSS 8.4
HIGH This Week

IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Transformation Advisor
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Devops Deploy
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Concert
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
Prev Page 5 of 62 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy