Filtered by vendor Ibm
Subscriptions
Total
7979 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36437 | 1 Ibm | 1 Planning Analytics Local | 2025-12-09 | 4.3 Medium |
| IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system. | ||||
| CVE-2025-36102 | 1 Ibm | 2 Cognos Controller, Controller | 2025-12-09 | 2.7 Low |
| IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security. | ||||
| CVE-2025-36140 | 1 Ibm | 1 Watsonx.data | 2025-12-09 | 6.5 Medium |
| IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits. | ||||
| CVE-2025-64650 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-12-09 | 6.5 Medium |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files. | ||||
| CVE-2025-33111 | 1 Ibm | 2 Cognos Controller, Controller | 2025-12-09 | 4.3 Medium |
| IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks. | ||||
| CVE-2025-12635 | 1 Ibm | 1 Websphere Application Server | 2025-12-09 | 5.4 Medium |
| IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site. | ||||
| CVE-2025-12832 | 1 Ibm | 1 Infosphere Information Server | 2025-12-09 | 4.6 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-36015 | 1 Ibm | 2 Cognos Controller, Controller | 2025-12-09 | 6.5 Medium |
| IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input. | ||||
| CVE-2025-36017 | 1 Ibm | 1 Controller | 2025-12-09 | 6.5 Medium |
| IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user. | ||||
| CVE-2024-56464 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-12-09 | 2.7 Low |
| IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update. | ||||
| CVE-2025-36118 | 1 Ibm | 1 Storage Virtualize | 2025-12-08 | 7.5 High |
| IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request. | ||||
| CVE-2017-1303 | 1 Ibm | 1 Websphere Portal | 2025-12-04 | 6.1 Medium |
| IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457. | ||||
| CVE-2024-29032 | 2 Ibm, Qiskit | 2 Qiskit Ibm Runtime, Qiskit-ibm-runtime | 2025-12-03 | 5.3 Medium |
| Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue. | ||||
| CVE-2024-45656 | 1 Ibm | 57 Ess 5000 \(5105-22e\), Ess 5000 \(5105-22e\) Firmware, Power9 System Firmware and 54 more | 2025-12-03 | 9.8 Critical |
| IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP. | ||||
| CVE-2024-45675 | 1 Ibm | 1 Informix Dynamic Server | 2025-12-03 | 8.4 High |
| IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password. | ||||
| CVE-2025-25048 | 1 Ibm | 1 Jazz Foundation | 2025-12-02 | 6.5 Medium |
| IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory. | ||||
| CVE-2024-43184 | 1 Ibm | 1 Jazz Foundation | 2025-12-02 | 6.1 Medium |
| IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36149 | 1 Ibm | 1 Concert | 2025-12-02 | 6.3 Medium |
| IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim. | ||||
| CVE-2025-36088 | 1 Ibm | 5 Diamondback Tape Library, Diamondback Tape Library Firmware, Storage Ts4500 Library and 2 more | 2025-12-01 | 5.4 Medium |
| IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36114 | 1 Ibm | 1 Soar Qradar Plugin App | 2025-12-01 | 6.5 Medium |
| IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||