Skip to main content

IBM

5580 CVEs vendor

Monthly

CVE-2025-1411 HIGH This Week

IBM Security Verify Directory Container versions 10.0.0.0 through 10.0.3.1 contain a privilege escalation vulnerability allowing local users to execute arbitrary commands as root. The vulnerability stems from the application running with unnecessary elevated privileges, enabling authenticated local attackers to escalate permissions without user interaction. This is a high-severity local privilege escalation affecting containerized deployments of IBM's identity and access management solution.

Privilege Escalation IBM Docker Security Verify Directory
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33108 HIGH This Week

Privilege escalation vulnerability in IBM Backup, Recovery and Media Services (BRMS) for i versions 7.4 and 7.5 that exploits unqualified library calls in compiled or restored programs. An authenticated user with compile or restore capabilities can inject malicious code that executes with elevated component access to the IBM i operating system, achieving full system compromise. This is a high-severity issue affecting enterprise backup infrastructure, though it requires valid credentials and medium attack complexity to exploit.

Privilege Escalation IBM RCE
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-25032 HIGH This Week

A remote code execution vulnerability (CVSS 7.5) that allows an authenticated user. High severity vulnerability requiring prompt remediation.

Denial Of Service IBM Cognos Analytics
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0923 MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.

Information Disclosure IBM Cognos Analytics
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-0917 MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Cognos Analytics
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-3473 MEDIUM This Month

CVE-2025-3473 is a security vulnerability (CVSS 6.7) that allows a local privileged user. Remediation should follow standard vulnerability management procedures.

Privilege Escalation IBM Guardium Data Protection
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-0163 MEDIUM This Month

CVE-2025-0163 is a security vulnerability (CVSS 5.3) that allows a remote attacker. Remediation should follow standard vulnerability management procedures.

Docker Information Disclosure IBM Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-33112 HIGH This Week

Local privilege escalation vulnerability in IBM AIX 7.3 and IBM VIOS 4.1.1's Perl implementation that allows non-privileged local users to execute arbitrary code through improper pathname neutralization (path traversal). With a CVSS score of 8.4 and no authentication requirement, this represents a critical risk for AIX environments where local user access exists. The vulnerability's active exploitation status and proof-of-concept availability would significantly elevate real-world risk.

RCE IBM Privilege Escalation Path Traversal Aix +1
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-56343 MEDIUM This Month

IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.

Denial Of Service IBM Verify Identity Access Digital Credentials
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-56342 MEDIUM This Month

IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Information Disclosure IBM Verify Identity Access Digital Credentials
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-22330 MEDIUM This Month

CVE-2024-22330 is a security vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-25022 CRITICAL Act Now

Credential exposure in IBM QRadar Suite 1.10.12.0-1.11.2.0.

Information Disclosure IBM Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-25021 HIGH This Week

CVE-2025-25021 is a security vulnerability (CVSS 7.2) that allows a privileged execute code. High severity vulnerability requiring prompt remediation.

RCE IBM Privilege Escalation Qradar Suite Cloud Pak For Security
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-25020 MEDIUM This Month

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input.

Denial Of Service IBM Qradar Suite Cloud Pak For Security
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25019 MEDIUM This Month

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system.

Information Disclosure IBM Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-1334 MEDIUM This Month

CVE-2025-1334 is a security vulnerability (CVSS 4.0) that allows web pages. Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-45655 MEDIUM This Month

IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.

Authentication Bypass IBM Application Gateway
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-33005 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

Information Disclosure IBM Planning Analytics Local
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-33004 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

IBM Path Traversal Planning Analytics Local
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-2896 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-25044 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-1499 MEDIUM This Month

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.

Information Disclosure IBM Infosphere Information Server On Cloud Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-3050 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-2518 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-49350 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Stack Overflow Buffer Overflow Denial Of Service Microsoft +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-51453 MEDIUM Monitor

IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Sterling Secure Proxy
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-38341 MEDIUM This Month

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Sterling Secure Proxy
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-3357 CRITICAL This Week

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM RCE Tivoli Monitoring
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-25029 MEDIUM Monitor

IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-25026 MEDIUM Monitor

IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-25025 MEDIUM Monitor

IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-45094 MEDIUM This Month

IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Hardware Management Console R10 0 Firmware Hardware Management Console R9 4 Firmware Hardware Management Console R9 3 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-33079 MEDIUM This Month

IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Cognos Controller Controller
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-33138 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Faspex
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-33137 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-33136 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-45641 MEDIUM This Month

IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Qradar Edr
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-33861 MEDIUM This Month

IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Qradar Edr
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-33103 HIGH This Week

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-51475 MEDIUM This Month

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-1138 MEDIUM Monitor

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-3440 MEDIUM This Month

IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Security Guardium
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-33104 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-2900 HIGH PATCH This Week

IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow IBM Denial Of Service Semeru Runtime +1
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-3632 HIGH This Month

IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service 4769 Developers Toolkit
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-1137 HIGH This Week

IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Storage Scale
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-1993 MEDIUM This Month

IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure App Connect Enterprise Certified Containers Operands App Connect Operator
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-1331 HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Cics Tx
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1330 HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption IBM Buffer Overflow RCE Cics Tx
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1329 HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption IBM Buffer Overflow RCE Cics Tx
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33093 HIGH This Week

IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Kubernetes Sterling Partner Engagement Manager
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-3218 MEDIUM This Month

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2898 HIGH This Week

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-1493 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Race Condition Denial Of Service Db2 +1
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-1000 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-0915 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-1992 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-1838 MEDIUM This Month

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Cloud Pak For Business Automation
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-1495 MEDIUM This Month

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-41753 MEDIUM This Month

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Business Automation
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-53108 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/iucv: Fix size of interrupt data iucv_irq_data needs to be 4 bytes larger. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-55913 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Concert
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-55912 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-55910 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SSRF Concert
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-55909 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Concert
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-52903 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-27365 MEDIUM This Month

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 Client connecting to a MQ Queue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption IBM Information Disclosure Mq Operator +1
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-1333 MEDIUM This Month

IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Mq Operator Supplied Mq Advanced Container Images
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2025-1551 MEDIUM This Month

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Operational Decision Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-2986 MEDIUM This Month

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Maximo Asset Management
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-25046 LOW Monitor

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-25045 MEDIUM This Month

IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-22351 MEDIUM This Month

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-27907 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Websphere Application Server
NVD
CVSS 3.1
4.1
EPSS
0.2%
CVE-2025-1951 HIGH This Week

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Hardware Management Console
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-1950 CRITICAL Act Now

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Hardware Management Console
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-2987 LOW Monitor

IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Maximo Asset Management
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-2950 MEDIUM This Month

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-49808 MEDIUM This Month

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Sterling Connect Direct Web Services
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-45651 MEDIUM This Month

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling Connect Direct Web Services
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-2947 HIGH This Week

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-22314 MEDIUM This Month

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Storage Defender Resiliency Service
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-27272 LOW Monitor

IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Console
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2022-43852 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-43851 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2022-43850 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Console
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-43847 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Console
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-43840 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-49825 MEDIUM This Month

IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-3423 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Faspex
NVD
CVSS 3.1
5.4
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH This Week

IBM Security Verify Directory Container versions 10.0.0.0 through 10.0.3.1 contain a privilege escalation vulnerability allowing local users to execute arbitrary commands as root. The vulnerability stems from the application running with unnecessary elevated privileges, enabling authenticated local attackers to escalate permissions without user interaction. This is a high-severity local privilege escalation affecting containerized deployments of IBM's identity and access management solution.

Privilege Escalation IBM Docker +1
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Privilege escalation vulnerability in IBM Backup, Recovery and Media Services (BRMS) for i versions 7.4 and 7.5 that exploits unqualified library calls in compiled or restored programs. An authenticated user with compile or restore capabilities can inject malicious code that executes with elevated component access to the IBM i operating system, achieving full system compromise. This is a high-severity issue affecting enterprise backup infrastructure, though it requires valid credentials and medium attack complexity to exploit.

Privilege Escalation IBM RCE
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A remote code execution vulnerability (CVSS 7.5) that allows an authenticated user. High severity vulnerability requiring prompt remediation.

Denial Of Service IBM Cognos Analytics
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.

Information Disclosure IBM Cognos Analytics
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Cognos Analytics
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

CVE-2025-3473 is a security vulnerability (CVSS 6.7) that allows a local privileged user. Remediation should follow standard vulnerability management procedures.

Privilege Escalation IBM Guardium Data Protection
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

CVE-2025-0163 is a security vulnerability (CVSS 5.3) that allows a remote attacker. Remediation should follow standard vulnerability management procedures.

Docker Information Disclosure IBM +2
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation vulnerability in IBM AIX 7.3 and IBM VIOS 4.1.1's Perl implementation that allows non-privileged local users to execute arbitrary code through improper pathname neutralization (path traversal). With a CVSS score of 8.4 and no authentication requirement, this represents a critical risk for AIX environments where local user access exists. The vulnerability's active exploitation status and proof-of-concept availability would significantly elevate real-world risk.

RCE IBM Privilege Escalation +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.

Denial Of Service IBM Verify Identity Access Digital Credentials
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Information Disclosure IBM Verify Identity Access Digital Credentials
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

CVE-2024-22330 is a security vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Credential exposure in IBM QRadar Suite 1.10.12.0-1.11.2.0.

Information Disclosure IBM Cloud Pak For Security +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

CVE-2025-25021 is a security vulnerability (CVSS 7.2) that allows a privileged execute code. High severity vulnerability requiring prompt remediation.

RCE IBM Privilege Escalation +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input.

Denial Of Service IBM Qradar Suite +1
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system.

Information Disclosure IBM Cloud Pak For Security +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

CVE-2025-1334 is a security vulnerability (CVSS 4.0) that allows web pages. Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Cloud Pak For Security +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.

Authentication Bypass IBM Application Gateway
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

Information Disclosure IBM Planning Analytics Local
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

IBM Path Traversal Planning Analytics Local
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Planning Analytics Local
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Planning Analytics Local
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.

Information Disclosure IBM Infosphere Information Server On Cloud +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Stack Overflow Buffer Overflow +4
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Sterling Secure Proxy
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Sterling Secure Proxy
NVD
EPSS 1% CVSS 9.8
CRITICAL This Week

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM RCE Tivoli Monitoring
NVD
EPSS 0% CVSS 4.9
MEDIUM Monitor

IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Guardium
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Hardware Management Console R10 0 Firmware +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Cognos Controller +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Faspex
NVD
EPSS 0% CVSS 7.1
HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
EPSS 0% CVSS 7.1
HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Qradar Edr
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Qradar Edr
NVD
EPSS 0% CVSS 8.5
HIGH This Week

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Content Navigator
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Security Guardium
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Application Server
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow IBM +3
NVD
EPSS 0% CVSS 7.5
HIGH This Month

IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service 4769 Developers Toolkit
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Storage Scale
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Cics Tx
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption IBM Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption IBM Buffer Overflow +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Kubernetes +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Race Condition +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Business Automation
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/iucv: Fix size of interrupt data iucv_irq_data needs to be 4 bytes larger. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Linux +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Concert
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Concert
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SSRF Concert
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Concert
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 Client connecting to a MQ Queue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption IBM +3
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Mq Operator +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Operational Decision Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Maximo Asset Management
NVD
EPSS 0% CVSS 3.7
LOW Monitor

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Websphere Application Server
NVD
EPSS 0% CVSS 8.4
HIGH This Week

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Hardware Management Console
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Hardware Management Console
NVD
EPSS 0% CVSS 3.8
LOW Monitor

IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Maximo Asset Management
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Sterling Connect Direct Web Services
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling Connect Direct Web Services
NVD
EPSS 0% CVSS 7.2
HIGH This Week

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Privilege Escalation
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Storage Defender Resiliency Service
NVD
EPSS 0% CVSS 3.1
LOW Monitor

IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force IBM Information Disclosure +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Console
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Console
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Faspex
NVD
Prev Page 7 of 62 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy