Filtered by vendor Ibm
Subscriptions
Total
7946 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54173 | 1 Ibm | 2 Mq, Mq Appliance | 2025-07-03 | 4.7 Medium |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled. | ||||
| CVE-2025-0975 | 1 Ibm | 2 Mq, Mq Appliance | 2025-07-03 | 8.8 High |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters. | ||||
| CVE-2025-23225 | 1 Ibm | 2 Mq, Mq Appliance | 2025-07-03 | 6.5 Medium |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. | ||||
| CVE-2024-51471 | 1 Ibm | 1 Mq Appliance | 2025-07-03 | 5.3 Medium |
| IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSÂ web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. | ||||
| CVE-2024-52898 | 3 Ibm, Linux, Microsoft | 4 Linux On Ibm Z, Mq, Linux Kernel and 1 more | 2025-07-03 | 6.2 Medium |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned. | ||||
| CVE-2023-45177 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-07-03 | 5.3 Medium |
| IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066. | ||||
| CVE-2025-0823 | 1 Ibm | 1 Cognos Analytics | 2025-07-02 | 6.5 Medium |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2024-49352 | 1 Ibm | 1 Cognos Analytics | 2025-07-02 | 7.1 High |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2024-51466 | 1 Ibm | 1 Cognos Analytics | 2025-07-02 | 9 Critical |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement. | ||||
| CVE-2024-40695 | 1 Ibm | 1 Cognos Analytics | 2025-07-02 | 8 High |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | ||||
| CVE-2024-25047 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2025-07-02 | 8.6 High |
| IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956. | ||||
| CVE-2024-27264 | 1 Ibm | 1 I | 2025-06-30 | 7.4 High |
| IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563. | ||||
| CVE-2023-27859 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2025-06-20 | 6.5 Medium |
| IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205. | ||||
| CVE-2024-55897 | 1 Ibm | 2 I, Powerha System Mirror | 2025-06-20 | 4.3 Medium |
| IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | ||||
| CVE-2022-22491 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2025-06-20 | 5.5 Medium |
| IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted. | ||||
| CVE-2024-41744 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2025-06-18 | 6.5 Medium |
| IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2021-20450 | 1 Ibm | 1 Cognos Controller | 2025-06-18 | 4.3 Medium |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 196640. | ||||
| CVE-2024-22313 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-06-17 | 6.2 Medium |
| IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | ||||
| CVE-2024-23622 | 1 Ibm | 1 Merge Efilm Workstation | 2025-06-17 | 10 Critical |
| A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges. | ||||
| CVE-2023-50963 | 1 Ibm | 1 Storage Defender Data Protect | 2025-06-17 | 6.5 Medium |
| IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101. | ||||