Filtered by vendor Ibm
Subscriptions
Total
7705 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-33136 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-05-30 | 7.1 High |
| IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data. | ||||
| CVE-2025-33137 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-05-30 | 7.1 High |
| IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security. | ||||
| CVE-2025-33138 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-05-30 | 5.4 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
| CVE-2023-38003 | 1 Ibm | 1 Db2 | 2025-05-29 | 7.2 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214. | ||||
| CVE-2022-40616 | 1 Ibm | 1 Maximo Asset Management | 2025-05-28 | 8.1 High |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311. | ||||
| CVE-2023-28523 | 1 Ibm | 2 Informix Dynamic Server, Informix Dynamic Server On Cloud Pak For Data | 2025-05-27 | 8.4 High |
| IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753. | ||||
| CVE-2022-34348 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2025-05-22 | 7.1 High |
| IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017. | ||||
| CVE-2022-22423 | 2 Ibm, Linux | 5 Aix, Common Cryptographic Architecture, I and 2 more | 2025-05-22 | 5.5 Medium |
| IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596. | ||||
| CVE-2022-35721 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2025-05-22 | 5.4 Medium |
| IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380. | ||||
| CVE-2023-45170 | 1 Ibm | 2 Aix, Vios | 2025-05-22 | 8.4 High |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968. | ||||
| CVE-2023-43042 | 1 Ibm | 1 Storage Virtualize | 2025-05-22 | 7.5 High |
| IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874. | ||||
| CVE-2022-40748 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-22 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586. | ||||
| CVE-2024-45641 | 1 Ibm | 1 Security Qradar Edr | 2025-05-21 | 6.5 Medium |
| IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation. | ||||
| CVE-2023-33861 | 1 Ibm | 1 Security Qradar Edr | 2025-05-21 | 6.5 Medium |
| IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client. | ||||
| CVE-2022-36771 | 1 Ibm | 1 Qradar User Behavior Analytics | 2025-05-21 | 6.5 Medium |
| IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791. | ||||
| CVE-2022-35722 | 1 Ibm | 1 Jazz For Service Management | 2025-05-20 | 5.4 Medium |
| IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381. | ||||
| CVE-2022-35282 | 1 Ibm | 1 Websphere Application Server | 2025-05-20 | 6.5 Medium |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data. | ||||
| CVE-2022-22387 | 1 Ibm | 1 Application Gateway | 2025-05-20 | 5.4 Medium |
| IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965. | ||||
| CVE-2022-39168 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Robotic Process Automation For Services | 2025-05-20 | 7.5 High |
| IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. | ||||
| CVE-2023-35006 | 1 Ibm | 1 Security Qradar Edr | 2025-05-19 | 5.4 Medium |
| IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||