Filtered by vendor Ibm
Subscriptions
Total
7933 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23227 | 3 Ibm, Linux, Microsoft | 4 Aix, Tivoli Application Dependency Discovery Manager, Linux Kernel and 1 more | 2025-08-15 | 6.4 Medium |
| IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-54176 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-15 | 4.3 Medium |
| IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | ||||
| CVE-2024-56339 | 1 Ibm | 1 Websphere Application Server | 2025-08-14 | 3.7 Low |
| IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration. | ||||
| CVE-2023-38264 | 2 Ibm, Redhat | 3 Java Software Development Kit, Enterprise Linux, Rhel Extras | 2025-08-14 | 5.9 Medium |
| The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578. | ||||
| CVE-2024-22338 | 1 Ibm | 1 Security Verify Access Oidc Provider | 2025-08-14 | 4 Medium |
| IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. | ||||
| CVE-2024-38325 | 1 Ibm | 2 Storage Defender, Storage Defender Resiliency Service | 2025-08-14 | 5.9 Medium |
| IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2024-31906 | 1 Ibm | 1 Automation Decision Services | 2025-08-14 | 6.2 Medium |
| IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system. | ||||
| CVE-2024-41739 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2025-08-14 | 8.8 High |
| IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion. | ||||
| CVE-2024-28787 | 1 Ibm | 2 Application Gateway, Security Verify Access | 2025-08-14 | 8.7 High |
| IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584. | ||||
| CVE-2025-33118 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-08-14 | 6.4 Medium |
| IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-2824 | 1 Ibm | 1 Operational Decision Manager | 2025-08-14 | 7.4 High |
| IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | ||||
| CVE-2024-41746 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2025-08-14 | 7.2 High |
| IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-45662 | 1 Ibm | 1 Safer Payments | 2025-08-14 | 7.5 High |
| IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources. | ||||
| CVE-2024-22348 | 1 Ibm | 2 Devops Velocity, Urbancode Velocity | 2025-08-14 | 5.3 Medium |
| IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. | ||||
| CVE-2024-45672 | 1 Ibm | 1 Security Verify Bridge | 2025-08-14 | 6 Medium |
| IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. which could also cause a denial of service. | ||||
| CVE-2024-45077 | 1 Ibm | 1 Maximo Asset Management | 2025-08-14 | 6.5 Medium |
| IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system. | ||||
| CVE-2024-52890 | 1 Ibm | 2 Engineering Lifecycle Optimization, Engineering Lifecycle Optimization - Publishing | 2025-08-14 | 6.1 Medium |
| IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs. | ||||
| CVE-2023-38012 | 1 Ibm | 1 Cloud Pak System | 2025-08-14 | 5.3 Medium |
| IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2025-36000 | 1 Ibm | 1 Websphere Application Server | 2025-08-14 | 4.4 Medium |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-22349 | 1 Ibm | 2 Devops Velocity, Urbancode Velocity | 2025-08-14 | 4 Medium |
| IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system. | ||||