Filtered by vendor Ibm
Subscriptions
Total
7705 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35122 | 1 Ibm | 1 I | 2025-07-03 | 2.8 Low |
| IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file. | ||||
| CVE-2024-52895 | 1 Ibm | 1 I | 2025-07-03 | 6.5 Medium |
| IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database. | ||||
| CVE-2025-36004 | 1 Ibm | 1 I | 2025-07-03 | 8.8 High |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||
| CVE-2025-33122 | 1 Ibm | 1 I | 2025-07-03 | 7.5 High |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||
| CVE-2025-3218 | 1 Ibm | 1 I | 2025-07-03 | 5.4 Medium |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server. | ||||
| CVE-2025-2950 | 1 Ibm | 1 I | 2025-07-03 | 5.4 Medium |
| IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior. | ||||
| CVE-2024-55898 | 1 Ibm | 1 I | 2025-07-03 | 8.5 High |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||
| CVE-2022-39163 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | 4.7 Medium |
| IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks. | ||||
| CVE-2024-40702 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | 8.2 High |
| IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation. | ||||
| CVE-2024-28778 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | 6.5 Medium |
| IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization. | ||||
| CVE-2024-25037 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | 4.3 Medium |
| IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. | ||||
| CVE-2022-22363 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | 4.3 Medium |
| IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2021-20455 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | 3.7 Low |
| IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2024-25048 | 1 Ibm | 1 Mq Appliance | 2025-07-03 | 7.5 High |
| IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137. | ||||
| CVE-2024-54173 | 1 Ibm | 2 Mq, Mq Appliance | 2025-07-03 | 4.7 Medium |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled. | ||||
| CVE-2025-0975 | 1 Ibm | 2 Mq, Mq Appliance | 2025-07-03 | 8.8 High |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters. | ||||
| CVE-2025-23225 | 1 Ibm | 2 Mq, Mq Appliance | 2025-07-03 | 6.5 Medium |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. | ||||
| CVE-2024-51471 | 1 Ibm | 1 Mq Appliance | 2025-07-03 | 5.3 Medium |
| IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSÂ web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. | ||||
| CVE-2024-52898 | 3 Ibm, Linux, Microsoft | 4 Linux On Ibm Z, Mq, Linux Kernel and 1 more | 2025-07-03 | 6.2 Medium |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned. | ||||
| CVE-2024-52897 | 3 Ibm, Linux, Microsoft | 4 Linux On Ibm Z, Mq, Linux Kernel and 1 more | 2025-07-03 | 6.2 Medium |
| IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | ||||