Filtered by vendor Ibm
Subscriptions
Total
7933 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36124 | 1 Ibm | 1 Websphere Application Server | 2025-08-14 | 5.9 Medium |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration | ||||
| CVE-2024-22347 | 1 Ibm | 2 Devops Velocity, Urbancode Velocity | 2025-08-14 | 5.9 Medium |
| IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2024-51462 | 1 Ibm | 1 Qradar Wincollect | 2025-08-14 | 4 Medium |
| IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data. | ||||
| CVE-2024-51465 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2025-08-14 | 8.8 High |
| IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | ||||
| CVE-2025-3320 | 1 Ibm | 1 Tivoli Monitoring | 2025-08-13 | 8.1 High |
| IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. | ||||
| CVE-2025-3354 | 1 Ibm | 1 Tivoli Monitoring | 2025-08-13 | 8.1 High |
| IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. | ||||
| CVE-2023-38013 | 1 Ibm | 1 Cloud Pak System | 2025-08-13 | 5.3 Medium |
| IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system. | ||||
| CVE-2023-38271 | 1 Ibm | 1 Cloud Pak System | 2025-08-13 | 4.3 Medium |
| IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files. | ||||
| CVE-2023-38713 | 1 Ibm | 1 Cloud Pak System | 2025-08-13 | 5.3 Medium |
| IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system. | ||||
| CVE-2023-38714 | 1 Ibm | 1 Cloud Pak System | 2025-08-13 | 5.3 Medium |
| IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system. | ||||
| CVE-2023-38716 | 1 Ibm | 1 Cloud Pak System | 2025-08-13 | 5.3 Medium |
| IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system. | ||||
| CVE-2022-43916 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2025-08-13 | 6.8 Medium |
| IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure. | ||||
| CVE-2024-49339 | 2 Ibm, Linux | 4 Aix, Financial Transaction Manager For Multiplatform, Linux On Ibm Z and 1 more | 2025-08-13 | 6.4 Medium |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-49349 | 2 Ibm, Linux | 4 Aix, Financial Transaction Manager For Multiplatform, Linux On Ibm Z and 1 more | 2025-08-13 | 6.1 Medium |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-31887 | 1 Ibm | 2 Security Verify Privilege, Security Verify Privilege On-premises | 2025-08-13 | 7.5 High |
| IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651. | ||||
| CVE-2023-47731 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-13 | 5.4 Medium |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203. | ||||
| CVE-2024-25050 | 1 Ibm | 2 I, Rational Developer For I | 2025-08-13 | 8.4 High |
| IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242. | ||||
| CVE-2022-38386 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-13 | 5.9 Medium |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778. | ||||
| CVE-2023-47727 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-13 | 4.3 Medium |
| IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089. | ||||
| CVE-2024-49338 | 3 Ibm, Linux, Microsoft | 4 Aix, App Connect Enterprise, Linux Kernel and 1 more | 2025-08-13 | 4.4 Medium |
| IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials. | ||||