Filtered by vendor Ibm
Subscriptions
Total
7945 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3632 | 1 Ibm | 2 4769 Developers Toolkit, Common Cryptographic Architecture | 2025-08-28 | 7.5 High |
| IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive size. | ||||
| CVE-2025-2900 | 2 Ibm, Redhat | 2 Semeru Runtime, Enterprise Linux | 2025-08-28 | 7.5 High |
| IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation. | ||||
| CVE-2025-1138 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-08-28 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. | ||||
| CVE-2025-25029 | 1 Ibm | 1 Security Guardium | 2025-08-28 | 4.9 Medium |
| IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input. | ||||
| CVE-2025-25026 | 1 Ibm | 1 Security Guardium | 2025-08-28 | 4.3 Medium |
| IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check. | ||||
| CVE-2024-45673 | 3 Ibm, Linux, Microsoft | 6 Security Verify Bridge, Security Verify Bridge Directory Sync, Security Verify Gateway For Radius and 3 more | 2025-08-27 | 5.5 Medium |
| IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user. | ||||
| CVE-2024-51472 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-27 | 3.1 Low |
| IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | ||||
| CVE-2024-35138 | 1 Ibm | 1 Security Verify Access | 2025-08-27 | 6.5 Medium |
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2024-28782 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-27 | 6.3 Medium |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698. | ||||
| CVE-2025-3440 | 1 Ibm | 1 Security Guardium | 2025-08-26 | 5.5 Medium |
| IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-51475 | 1 Ibm | 1 Content Navigator | 2025-08-26 | 5.4 Medium |
| IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
| CVE-2025-33103 | 1 Ibm | 1 I | 2025-08-26 | 8.5 High |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. | ||||
| CVE-2024-45641 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-08-26 | 6.5 Medium |
| IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation. | ||||
| CVE-2025-33137 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-08-26 | 7.1 High |
| IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security. | ||||
| CVE-2025-33136 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-08-26 | 7.1 High |
| IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data. | ||||
| CVE-2025-33138 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-08-26 | 5.4 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
| CVE-2025-33079 | 1 Ibm | 2 Cognos Controller, Controller | 2025-08-26 | 6.5 Medium |
| IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. | ||||
| CVE-2024-45094 | 1 Ibm | 7 Ds8900f Firmware, Hardware Management Console R10.0, Hardware Management Console R10.0 Firmware and 4 more | 2025-08-26 | 5.5 Medium |
| IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-25025 | 1 Ibm | 1 Security Guardium | 2025-08-26 | 4.3 Medium |
| IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2025-3357 | 1 Ibm | 1 Tivoli Monitoring | 2025-08-26 | 9.8 Critical |
| IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. | ||||