Filtered by vendor Ibm
Subscriptions
Total
8060 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26022 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2025-02-13 | 5.9 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868. | ||||
| CVE-2023-26021 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2025-02-13 | 7.5 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864. | ||||
| CVE-2023-25929 | 1 Ibm | 1 Cognos Analytics | 2025-02-13 | 4.6 Medium |
| IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861. | ||||
| CVE-2023-23487 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Db2, Linux Kernel and 2 more | 2025-02-13 | 4.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918. | ||||
| CVE-2022-34357 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2025-02-13 | 6.5 Medium |
| IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users. IBM X-Force ID: 230510. | ||||
| CVE-2021-39036 | 1 Ibm | 1 Cognos Analytics | 2025-02-13 | 6.1 Medium |
| IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966. | ||||
| CVE-2019-4036 | 1 Ibm | 1 Security Access Manager | 2025-02-13 | 7.5 High |
| IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159. | ||||
| CVE-2018-1890 | 1 Ibm | 1 Sdk | 2025-02-13 | N/A |
| IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081. | ||||
| CVE-2018-1822 | 1 Ibm | 4 Flashsystem 840, Flashsystem 840 Firmware, Flashsystem 900 and 1 more | 2025-02-13 | N/A |
| IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296. | ||||
| CVE-2018-1495 | 1 Ibm | 4 Flashsystem 840, Flashsystem 840 Firmware, Flashsystem 900 and 1 more | 2025-02-13 | N/A |
| IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148. | ||||
| CVE-2024-25034 | 1 Ibm | 1 Planning Analytics Local | 2025-02-12 | 8 High |
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. | ||||
| CVE-2024-40693 | 1 Ibm | 1 Planning Analytics Local | 2025-02-12 | 8 High |
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | ||||
| CVE-2023-28950 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2025-02-12 | 5.1 Medium |
| IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358. | ||||
| CVE-2023-50306 | 1 Ibm | 1 Common Licensing | 2025-02-12 | 4 Medium |
| IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337. | ||||
| CVE-2023-37398 | 1 Ibm | 1 Aspera Faspex | 2025-02-12 | 5.9 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||||
| CVE-2023-35907 | 1 Ibm | 1 Aspera Faspex | 2025-02-12 | 5.9 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||||
| CVE-2023-28514 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2025-02-12 | 6.2 Medium |
| IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398. | ||||
| CVE-2022-47984 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-02-12 | 6.3 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. | ||||
| CVE-2022-39161 | 1 Ibm | 1 Websphere Application Server | 2025-02-12 | 4.8 Medium |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069. | ||||
| CVE-2022-34333 | 1 Ibm | 1 Sterling Order Management | 2025-02-10 | 5.9 Medium |
| IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. | ||||