Filtered by vendor Ibm
Subscribe
Total
8009 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13925 | 1 Ibm | 1 Aspera Console | 2026-01-30 | N/A | 4.9 MEDIUM |
| IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user. | |||||
| CVE-2025-36410 | 1 Ibm | 1 Applinx | 2026-01-26 | N/A | 3.1 LOW |
| IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security. | |||||
| CVE-2025-36397 | 1 Ibm | 1 Application Gateway | 2026-01-26 | N/A | 5.4 MEDIUM |
| IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||
| CVE-2025-36409 | 1 Ibm | 1 Applinx | 2026-01-26 | N/A | 5.4 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36408 | 1 Ibm | 1 Applinx | 2026-01-26 | N/A | 6.4 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36411 | 1 Ibm | 1 Applinx | 2026-01-26 | N/A | 3.5 LOW |
| IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2025-36396 | 1 Ibm | 1 Application Gateway | 2026-01-26 | N/A | 5.4 MEDIUM |
| IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36419 | 1 Ibm | 1 Applinx | 2026-01-26 | N/A | 5.3 MEDIUM |
| IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system. | |||||
| CVE-2025-36418 | 1 Ibm | 1 Applinx | 2026-01-26 | N/A | 7.3 HIGH |
| IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges. | |||||
| CVE-2025-1719 | 1 Ibm | 1 Concert | 2026-01-26 | N/A | 5.9 MEDIUM |
| IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. | |||||
| CVE-2025-1722 | 1 Ibm | 1 Concert | 2026-01-26 | N/A | 5.9 MEDIUM |
| IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. | |||||
| CVE-2025-33015 | 1 Ibm | 1 Concert | 2026-01-26 | N/A | 8.8 HIGH |
| IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. | |||||
| CVE-2025-36192 | 1 Ibm | 2 Ds8a00, Ds8a00 Firmware | 2026-01-14 | N/A | 6.7 MEDIUM |
| IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45.0 and IBM DS8900F ( R9.4) 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS Logical corruption protection mechanisms. | |||||
| CVE-2025-14687 | 1 Ibm | 1 Db2 Intelligence Center | 2026-01-14 | N/A | 4.3 MEDIUM |
| IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms. | |||||
| CVE-2025-36437 | 1 Ibm | 1 Planning Analytics Local | 2026-01-14 | N/A | 4.3 MEDIUM |
| IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system. | |||||
| CVE-2025-2529 | 1 Ibm | 1 Terracotta | 2026-01-14 | N/A | 2.9 LOW |
| Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way. | |||||
| CVE-2019-4716 | 1 Ibm | 1 Planning Analytics | 2026-01-14 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. | |||||
| CVE-2020-4430 | 1 Ibm | 1 Data Risk Manager | 2026-01-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. | |||||
| CVE-2024-43184 | 1 Ibm | 1 Jazz Foundation | 2026-01-09 | N/A | 6.1 MEDIUM |
| IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-25048 | 1 Ibm | 1 Jazz Foundation | 2026-01-09 | N/A | 6.5 MEDIUM |
| IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory. | |||||