Filtered by vendor Ibm
Subscribe
Total
8013 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4716 | 1 Ibm | 1 Planning Analytics | 2026-01-14 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. | |||||
| CVE-2020-4430 | 1 Ibm | 1 Data Risk Manager | 2026-01-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. | |||||
| CVE-2024-43184 | 1 Ibm | 1 Jazz Foundation | 2026-01-09 | N/A | 6.1 MEDIUM |
| IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-25048 | 1 Ibm | 1 Jazz Foundation | 2026-01-09 | N/A | 6.5 MEDIUM |
| IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory. | |||||
| CVE-2025-13915 | 1 Ibm | 1 Api Connect | 2025-12-31 | N/A | 9.8 CRITICAL |
| IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. | |||||
| CVE-2025-36154 | 1 Ibm | 1 Concert | 2025-12-30 | N/A | 6.2 MEDIUM |
| IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user. | |||||
| CVE-2025-12771 | 1 Ibm | 1 Concert | 2025-12-29 | N/A | 7.8 HIGH |
| IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system. | |||||
| CVE-2025-1721 | 1 Ibm | 1 Concert | 2025-12-29 | N/A | 5.9 MEDIUM |
| IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. | |||||
| CVE-2025-36228 | 1 Ibm | 1 Aspera Faspex | 2025-12-29 | N/A | 3.8 LOW |
| IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse. | |||||
| CVE-2025-36229 | 1 Ibm | 1 Aspera Faspex | 2025-12-29 | N/A | 3.1 LOW |
| IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers. | |||||
| CVE-2025-36230 | 1 Ibm | 1 Aspera Faspex | 2025-12-29 | N/A | 5.4 MEDIUM |
| IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||
| CVE-2025-64645 | 1 Ibm | 1 Concert | 2025-12-29 | N/A | 7.7 HIGH |
| IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link. | |||||
| CVE-2025-13489 | 1 Ibm | 1 Devops Deploy | 2025-12-26 | N/A | 5.9 MEDIUM |
| IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2025-33116 | 1 Ibm | 1 Watson Studio | 2025-12-22 | N/A | 4.4 MEDIUM |
| IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36100 | 1 Ibm | 1 Mq | 2025-12-19 | N/A | 5.1 MEDIUM |
| IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user. | |||||
| CVE-2025-36125 | 1 Ibm | 1 Hardware Management Console | 2025-12-19 | N/A | 6.4 MEDIUM |
| IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36035 | 1 Ibm | 23 Power System E1050 \(9043-mrx\), Power System E1080 \(9080-hex\), Power System E950 \(9040-mr9\) and 20 more | 2025-12-19 | N/A | 6.7 MEDIUM |
| IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources. | |||||
| CVE-2025-36360 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-12-18 | N/A | 5.0 MEDIUM |
| IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions. | |||||
| CVE-2025-36157 | 1 Ibm | 1 Jazz Foundation | 2025-12-18 | N/A | 9.8 CRITICAL |
| IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions. | |||||
| CVE-2025-14148 | 1 Ibm | 1 Devops Deploy | 2025-12-18 | N/A | 6.5 MEDIUM |
| IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token. | |||||