IBM Security Vulnerabilities (CVEs)
Track 869 security vulnerabilities affecting IBM products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server allows attackers to read sensitive files from the server by exploiti...
Mar 3, 2026

This vulnerability allows authenticated users to execute arbitrary commands on IBM DataStage systems due to improper input validation in the wrapped c...
Mar 3, 2026

IBM Aspera faspio Gateway 1.3.6 uses weak cryptographic algorithms that could allow attackers to decrypt sensitive data transmitted through the gatewa...
Mar 3, 2026

This vulnerability allows authenticated users to execute arbitrary commands on IBM DataStage systems due to improper input validation in the job subro...
Mar 3, 2026

This vulnerability in IBM webMethods API Gateway and API Management allows attackers to read arbitrary files on the server by manipulating the URL par...
Mar 3, 2026

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 write sensitive information to log files, potentially exposing credentials or oth...
Mar 3, 2026

IBM DevOps Plan versions 3.0.0 through 3.0.5 store web page cache locally without proper isolation, allowing other users on the same system to read ca...
Mar 3, 2026

This vulnerability in IBM Engineering Requirements Management DOORS Next allows authenticated users to view and edit data beyond their assigned permis...
Mar 3, 2026

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.2 have a security weakness in the Security Utility that could allow reduced ...
Mar 3, 2026

IBM App Connect Enterprise Certified Container transmits sensitive data in clear text without encryption, allowing attackers to intercept information ...
Mar 3, 2026

IBM WebSphere Application Server versions 9.0 and 8.5 have a security weakness in system administration security settings that could allow attackers t...
Feb 17, 2026

CVE-2025-13689 is an unrestricted file upload vulnerability in IBM DataStage on Cloud Pak for Data that allows authenticated users to upload malicious...
Feb 17, 2026

This vulnerability allows local users with knowledge of IBM Concert's system architecture to escalate privileges by exploiting incorrect file permissi...
Feb 17, 2026

This vulnerability in IBM Sterling B2B Integrator and File Gateway exposes sensitive technical error messages to remote privileged attackers. Attacker...
Feb 17, 2026

This vulnerability in IBM watsonx.data allows privileged users to upload malicious files that could be executed on the server, potentially modifying l...
Feb 17, 2026

This vulnerability in IBM Cloud Pak System allows authenticated users to perform unauthorized actions due to improper access controls. It affects IBM ...
Feb 17, 2026

IBM Security QRadar EDR and ReaQta use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. This affects organiz...
Feb 17, 2026

IBM Security QRadar EDR versions 3.12 through 3.12.23 fail to properly invalidate sessions after expiration, allowing authenticated users to impersona...
Feb 17, 2026

IBM DataStage on Cloud Pak for Data versions 5.1.2 through 5.3.0 returns sensitive information in HTTP responses that could enable user impersonation....
Feb 17, 2026

IBM Concert versions 1.0.0 through 2.1.0 contain hard-coded credentials that could allow remote attackers to authenticate to the system without proper...
Feb 17, 2026

IBM Concert versions 1.0.0 through 2.1.0 contain a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to make unauth...
Feb 17, 2026

IBM DB2 Merge Backup contains an incorrect buffer size calculation vulnerability that allows authenticated users to crash the program. This affects IB...
Feb 17, 2026

IBM DB2 Recovery Expert for LUW 5.5 is vulnerable to HTTP header injection due to improper validation of HOST headers. This allows attackers to inject...
Feb 17, 2026

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 exposes sensitive information through an environment variable. This information disclosure could p...
Feb 17, 2026

IBM DB2 Recovery Expert for Linux, UNIX and Windows version 5.5 Interim Fix 002 is vulnerable to cross-site request forgery (CSRF). This allows attack...
Feb 17, 2026

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 contains an information disclosure vulnerability where sensitive data in memory may be acces...
Feb 17, 2026

IBM Concert for Z hub framework versions 1.0.0 through 2.1.0 contain a cross-site scripting (XSS) vulnerability that allows unauthenticated attackers ...
Feb 17, 2026

IBM Db2 databases running vulnerable versions are susceptible to XML external entity injection (XXE) attacks when processing XML data. This allows rem...
Feb 17, 2026

This vulnerability in IBM Db2 allows authenticated users to cause denial of service by exploiting improper input sanitization in data query logic. It ...
Feb 17, 2026

CVE-2025-13379 is a SQL injection vulnerability in IBM Aspera Console versions 3.4.0 through 3.4.8 that allows remote attackers to execute arbitrary S...
Feb 5, 2026

IBM Concert versions 1.0.0 through 2.1.0 fail to properly invalidate user sessions after logout, allowing authenticated users to reuse old session tok...
Feb 4, 2026

IBM Concert versions 1.0.0 through 2.1.0 are vulnerable to HTTP header injection due to improper validation of HOST headers. This allows attackers to ...
Feb 4, 2026

This vulnerability in IBM Jazz Reporting Service allows authenticated users on the host network to execute specially crafted SQL queries that consume ...
Feb 4, 2026

This vulnerability in IBM Jazz Reporting Service allows authenticated users on the same network to access sensitive information from other projects on...
Feb 4, 2026

IBM Jazz Reporting Service has an insufficient resource pooling vulnerability that allows authenticated users to degrade system performance through co...
Feb 4, 2026

IBM Cloud Pak System fails to set the secure attribute on authorization tokens and session cookies, making them vulnerable to interception when transm...
Feb 4, 2026

IBM Cloud Pak System contains a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious JavaScript into the web interface. ...
Feb 4, 2026

IBM Cloud Pak System displays sensitive information in user messages that could aid attackers. This information disclosure vulnerability affects IBM C...
Feb 4, 2026

IBM Concert versions 1.0.0 through 2.1.0 store sensitive information in log files that local users can read. This information disclosure vulnerability...
Feb 3, 2026

This CVE describes a cross-site scripting (XSS) vulnerability in IBM Engineering Lifecycle Management - Global Configuration Management. An authentica...
Feb 3, 2026

This vulnerability in IBM Cloud Pak for Business Automation allows authenticated users to cause denial of service or data corruption by sending improp...
Feb 3, 2026

IBM Concert versions 1.0.0 through 2.1.0 use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. This affects o...
Feb 2, 2026

This vulnerability in IBM PowerVM Hypervisor firmware allows a peer partition to access a limited amount of data in specific shared processor configur...
Feb 2, 2026

This vulnerability allows local administrators on IBM PowerVM systems to extract sensitive information from Virtual TPMs through specific PowerVM serv...
Feb 2, 2026

This CVE describes an access control vulnerability in IBM Jazz Foundation that allows authenticated users to perform actions or view data beyond their...
Feb 2, 2026

This vulnerability allows a privileged user in IBM WebSphere Application Server Liberty to upload a zip archive containing path traversal sequences, w...
Feb 2, 2026

This vulnerability in IBM Db2 allows authenticated users to cause a denial of service by exploiting improper input sanitization in the RPSCAN feature'...
Jan 30, 2026

IBM Db2 databases running vulnerable versions can crash when processing specially crafted XML queries, causing denial of service. This affects Db2 11....
Jan 30, 2026

This vulnerability in IBM Db2 allows authenticated users to cause denial of service by submitting specially crafted queries that trigger improper neut...
Jan 30, 2026

IBM Db2 databases are vulnerable to denial of service attacks when processing specially crafted queries due to insufficient input validation. This aff...
Jan 30, 2026

Why Monitor IBM Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 869+ known vulnerabilities affecting IBM products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable IBM packages in under 60 seconds. No agents required: completely agentless scanning that works across IBM deployments.
Free vulnerability database: Access detailed information about every IBM CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new IBM CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions