Filtered by vendor Ibm
Subscribe
Total
7850 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-36225 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2025-10-14 | N/A | 4.3 MEDIUM |
| IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data. | |||||
| CVE-2023-37401 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2025-10-14 | N/A | 5.3 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted. | |||||
| CVE-2025-36171 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2025-10-14 | N/A | 4.9 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption. | |||||
| CVE-2025-36248 | 1 Ibm | 1 Copy Services Manager | 2025-10-08 | N/A | 5.4 MEDIUM |
| IBM Copy Services Manager 6.3.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36144 | 1 Ibm | 1 Watsonx.data | 2025-10-03 | N/A | 3.3 LOW |
| IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. | |||||
| CVE-2025-36326 | 1 Ibm | 2 Cognos Controller, Controller | 2025-10-03 | N/A | 3.7 LOW |
| IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies. | |||||
| CVE-2025-36064 | 1 Ibm | 1 Sterling Connect\ | 2025-10-03 | N/A | 5.9 MEDIUM |
| IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | |||||
| CVE-2025-36202 | 1 Ibm | 1 Webmethods Integration | 2025-10-03 | N/A | 7.5 HIGH |
| IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source. | |||||
| CVE-2025-36037 | 1 Ibm | 1 Webmethods Integration | 2025-10-03 | N/A | 5.4 MEDIUM |
| IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2025-36011 | 1 Ibm | 1 Jazz For Service Management | 2025-10-03 | N/A | 4.3 MEDIUM |
| IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | |||||
| CVE-2025-36099 | 1 Ibm | 1 Websphere Application Server | 2025-10-03 | N/A | 4.9 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources. | |||||
| CVE-2025-36352 | 1 Ibm | 1 License Metric Tool | 2025-10-03 | N/A | 6.4 MEDIUM |
| IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36351 | 1 Ibm | 1 License Metric Tool | 2025-10-03 | N/A | 4.3 MEDIUM |
| IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions. | |||||
| CVE-2025-36262 | 1 Ibm | 1 Planning Analytics Local | 2025-10-03 | N/A | 4.9 MEDIUM |
| IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input. | |||||
| CVE-2025-36132 | 1 Ibm | 1 Planning Analytics Local | 2025-10-03 | N/A | 5.4 MEDIUM |
| IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2023-50300 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-03 | N/A | 5.1 MEDIUM |
| IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls. | |||||
| CVE-2023-49883 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-03 | N/A | 5.9 MEDIUM |
| IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
| CVE-2023-49881 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-03 | N/A | 6.3 MEDIUM |
| IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | |||||
| CVE-2023-50301 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-03 | N/A | 1.9 LOW |
| IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user. | |||||
| CVE-2025-36222 | 1 Ibm | 3 Storage Fusion, Storage Fusion Hci, Storage Fusion Hci For Watsonx | 2025-10-02 | N/A | 8.7 HIGH |
| IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions. | |||||