Filtered by vendor Ibm
Subscribe
Total
7850 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27275 | 1 Ibm | 1 I | 2025-09-29 | N/A | 7.4 HIGH |
| IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. | |||||
| CVE-2024-22341 | 1 Ibm | 1 Watson Query With Cloud Pak For Data | 2025-09-29 | N/A | 5.3 MEDIUM |
| IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management. | |||||
| CVE-2024-22316 | 1 Ibm | 1 Sterling File Gateway | 2025-09-29 | N/A | 4.3 MEDIUM |
| IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. | |||||
| CVE-2024-54175 | 1 Ibm | 1 Mq | 2025-09-26 | N/A | 5.5 MEDIUM |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. | |||||
| CVE-2025-36139 | 1 Ibm | 1 Watsonx.data | 2025-09-25 | N/A | 5.5 MEDIUM |
| IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36146 | 1 Ibm | 1 Watsonx.data | 2025-09-25 | N/A | 4.3 MEDIUM |
| IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. | |||||
| CVE-2025-36143 | 1 Ibm | 1 Watsonx.data | 2025-09-25 | N/A | 4.7 MEDIUM |
| IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. | |||||
| CVE-2025-36082 | 1 Ibm | 1 Openpages | 2025-09-24 | N/A | 4.0 MEDIUM |
| IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system. | |||||
| CVE-2025-36174 | 1 Ibm | 1 Integrated Analytics System | 2025-09-23 | N/A | 8.0 HIGH |
| IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. | |||||
| CVE-2025-0164 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-09-20 | N/A | 2.3 LOW |
| IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment. | |||||
| CVE-2024-47120 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2025-09-18 | N/A | 6.4 MEDIUM |
| IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with unnecessary privileges. | |||||
| CVE-2025-33008 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-09-18 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-45669 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2025-09-17 | N/A | 6.5 MEDIUM |
| IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a remote user to cause a denial of service due to improper handling of special characters that could lead to uncontrolled resource consumption. | |||||
| CVE-2024-45671 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2025-09-17 | N/A | 5.9 MEDIUM |
| IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2025-2988 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-09-17 | N/A | 2.7 LOW |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system. | |||||
| CVE-2025-1761 | 1 Ibm | 1 Concert | 2025-09-17 | N/A | 5.9 MEDIUM |
| IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. | |||||
| CVE-2025-36003 | 1 Ibm | 1 Security Verify Governance | 2025-09-16 | N/A | 7.5 HIGH |
| IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system. | |||||
| CVE-2023-35006 | 1 Ibm | 1 Security Qradar Edr | 2025-09-15 | N/A | 5.4 MEDIUM |
| IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||
| CVE-2025-33120 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-09-15 | N/A | 7.8 HIGH |
| IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges. | |||||
| CVE-2025-36042 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-09-15 | N/A | 5.4 MEDIUM |
| IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||