Filtered by vendor Ibm
Subscriptions
Total
7979 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31881 | 1 Ibm | 1 Db2 | 2025-11-04 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613. | ||||
| CVE-2024-31880 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-11-04 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. | ||||
| CVE-2024-28762 | 1 Ibm | 1 Db2 | 2025-11-04 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246. | ||||
| CVE-2020-4430 | 1 Ibm | 1 Data Risk Manager | 2025-11-04 | 4.3 Medium |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. | ||||
| CVE-2020-4428 | 1 Ibm | 1 Data Risk Manager | 2025-11-04 | 9.1 Critical |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. | ||||
| CVE-2020-4427 | 1 Ibm | 1 Data Risk Manager | 2025-11-04 | 9.8 Critical |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532. | ||||
| CVE-2025-36137 | 1 Ibm | 1 Sterling Connect\ | 2025-11-04 | 7.2 High |
| IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts. | ||||
| CVE-2024-51464 | 1 Ibm | 1 I | 2025-11-03 | 4.3 Medium |
| IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i. | ||||
| CVE-2024-51463 | 1 Ibm | 1 I | 2025-11-03 | 5.4 Medium |
| IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2024-35142 | 1 Ibm | 1 Security Verify Access Docker | 2025-11-03 | 8.4 High |
| IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: 292418. | ||||
| CVE-2024-35141 | 1 Ibm | 2 Db2, Security Verify Access Docker | 2025-11-03 | 7.8 High |
| IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. | ||||
| CVE-2024-35140 | 1 Ibm | 1 Security Verify Access Docker | 2025-11-03 | 7.7 High |
| IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416. | ||||
| CVE-2024-35139 | 1 Ibm | 2 Security Access Manager, Security Verify Access Docker | 2025-11-03 | 6.2 Medium |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415. | ||||
| CVE-2024-35137 | 1 Ibm | 2 Security Access Manager, Security Verify Access Docker | 2025-11-03 | 6.2 Medium |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413. | ||||
| CVE-2024-31874 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | 6.2 Medium |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318. | ||||
| CVE-2024-31873 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | 7.5 High |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. | ||||
| CVE-2024-31872 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | 7.5 High |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. | ||||
| CVE-2024-31871 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | 7.5 High |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. | ||||
| CVE-2024-25053 | 1 Ibm | 1 Cognos Analytics | 2025-11-03 | 5.9 Medium |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364. | ||||
| CVE-2024-25041 | 1 Ibm | 1 Cognos Analytics | 2025-11-03 | 5.4 Medium |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780. | ||||