IBM Security Vulnerabilities (CVEs)
Track 891 security vulnerabilities affecting IBM products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Jun 27, 2024: IBM Security Verify Access versions 10.0.0.0 through 10.0.7.1, under certain configurations, are vulnerable to asymmetric resource consumption denial-...
Jun 27, 2024: This vulnerability in IBM Security Verify Access allows local users to access sensitive information from trace logs. It affects versions 10.0.0 throug...
Jun 21, 2024: This CVE describes a local privilege escalation vulnerability in IBM TCP/IP Connectivity Utilities for i on IBM i 7.3, 7.4, and 7.5. An attacker with ...
Jun 20, 2024: IBM WebSphere Application Server 8.5 and 9.0 has an identity spoofing vulnerability where authenticated users can impersonate other users due to impro...
Jun 18, 2024: This vulnerability in IBM QRadar Suite and Cloud Pak for Security allows authenticated users to execute arbitrary commands due to improper input valid...
Jun 15, 2024: This CVE describes a local privilege escalation vulnerability in IBM i operating systems where a non-administrative user can configure a physical file...
Jun 13, 2024: IBM Jazz Reporting Service 7.0.3 stores user credentials in plain text, allowing administrative users to read sensitive authentication data. This vuln...
Jun 12, 2024: This vulnerability allows an authenticated user to crash IBM Db2 servers by executing a specially crafted query against certain columnar tables. It af...
Jun 12, 2024: IBM Db2 databases running versions 10.5, 11.1, and 11.5 on Linux, UNIX, and Windows are vulnerable to denial of service attacks. An attacker can crash...
Jun 7, 2024: IBM i Service Tools Server (SST) versions 7.2 through 7.5 are vulnerable to user enumeration by remote attackers. This allows malicious actors to iden...
May 31, 2024: This vulnerability in IBM Security Verify Access Docker allows local users to escalate their privileges by exploiting unnecessary privilege execution....
May 31, 2024: IBM Planning Analytics Local versions 2.0 and 2.1 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicio...
May 31, 2024: IBM Planning Analytics Local 2.0 and 2.1 contains a stored cross-site scripting (XSS) vulnerability that allows authenticated users to inject maliciou...
May 30, 2024: IBM Aspera Console versions 3.4.0 through 3.4.2 PL5 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malic...
May 29, 2024: This vulnerability allows users with access to IBM Db2 Kubernetes pods to make unauthorized system calls, potentially compromising container security....
May 28, 2024: IBM Engineering Workflow Management versions 7.0.2 and 7.0.3 contain a stored cross-site scripting (XSS) vulnerability that allows authenticated users...
May 24, 2024: IBM Security Guardium versions 11.4, 11.5, and 12.0 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malic...
May 22, 2024: IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.1 contain an authentication flaw where expired access tokens can still be used to retriev...
May 22, 2024: This vulnerability in IBM App Connect Enterprise allows authenticated users to trigger an uncaught exception, causing a denial of service (DoS) condit...
May 16, 2024: This vulnerability allows a non-privileged local user on affected IBM AIX and VIOS systems to exploit a flaw in the invscout command to execute arbitr...
May 14, 2024: This CVE describes a cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy that allows authenticated users to inject malicious JavaScript i...
May 14, 2024: This vulnerability in IBM App Connect Enterprise allows attackers to cause a denial of service by exploiting improper resource allocation restrictions...
May 14, 2024: This vulnerability in IBM QRadar SIEM 7.5 allows privileged users to configure user management settings that could unintentionally expose sensitive in...
May 14, 2024: IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection, allowing attackers to inject malicious HTML that executes in victims' browsers wi...
May 14, 2024: This vulnerability in IBM Security Guardium allows a local user to gain elevated privileges on the system due to improper permissions control. It affe...
May 14, 2024: This vulnerability allows remote authenticated attackers to execute arbitrary commands on IBM Security Guardium systems by sending specially crafted r...
May 14, 2024: This vulnerability in IBM Spectrum Fusion HCI allows attackers to perform unauthorized actions in RGW (RADOS Gateway) for Ceph due to improper bucket ...
May 14, 2024: This vulnerability in IBM SDK Java Technology Edition's Object Request Broker allows attackers to cause denial of service by bypassing deserialization...
May 7, 2024: IBM Watson CP4D Data Stores versions 4.0.0 through 4.8.4 store sensitive information in log files that could be read by local users. This information ...
May 3, 2024: This SQL injection vulnerability in IBM Cognos Controller allows remote attackers to execute arbitrary SQL commands against the back-end database. Att...
May 3, 2024: IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 fail to properly invalidate user sessions after logout, allowing an authenticated attacker t...
May 3, 2024: IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 use weak cryptographic algorithms that could allow attackers to decrypt sensitive informatio...
May 3, 2024: IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 are vulnerable to injection attacks in application logging due to improper sanitization of u...
May 3, 2024: This vulnerability in IBM Cognos Controller allows remote attackers to enumerate valid usernames by analyzing differences in error messages. Attackers...
May 3, 2024: IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 use weak cryptographic algorithms that could allow attackers to decrypt sensitive informatio...
May 3, 2024: CVE-2023-37407 is an OS command injection vulnerability in IBM Aspera Orchestrator that allows authenticated remote attackers to execute arbitrary com...
May 2, 2024: IBM Cognos Analytics versions 11.2.0-11.2.4 and 12.0.0-12.0.2 have improper input validation in application logging, allowing injection attacks. This ...
May 2, 2024: This vulnerability in IBM Cloud Pak for Security and IBM QRadar Suite Software allows authenticated users to modify dashboard parameters due to improp...
May 1, 2024: CVE-2024-28764 is a CSV injection vulnerability in IBM WebSphere Automation 1.7.0 that allows attackers with network access to execute arbitrary comma...
Apr 28, 2024: This vulnerability in IBM i and IBM Rational Development Studio for i allows a local user to execute arbitrary code with administrator privileges due ...
Apr 27, 2024: IBM MQ Appliance 9.3 CD and LTS have a heap-based buffer overflow vulnerability due to improper bounds checking. Remote authenticated attackers can ex...
Apr 19, 2024: IBM Aspera Faspex versions 5.0.0 through 5.0.7 have a local privilege escalation vulnerability due to insecure credential storage, allowing a local us...
Apr 17, 2024: This XML External Entity Injection (XXE) vulnerability in IBM WebSphere Application Server allows attackers to process malicious XML data, potentially...
Apr 10, 2024: IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7 have a missing certificate validation vulnerability when deploying Open Source scr...
Apr 6, 2024: This vulnerability allows remote attackers to perform directory traversal attacks on IBM Maximo Application Suite systems. By sending specially crafte...
Apr 6, 2024: This vulnerability in IBM Personal Communications allows any unprivileged user with network access to execute arbitrary commands with SYSTEM privilege...
Apr 4, 2024: This vulnerability in IBM Security Verify Access and IBM Application Gateway allows remote attackers to obtain sensitive information or cause denial o...
Mar 26, 2024: IBM Common Cryptographic Architecture (CCA) versions 7.0.0 through 7.5.36 contain a vulnerability in AES operation handling that could allow a remote ...
Mar 21, 2024: This CVE describes a CSV injection vulnerability in IBM Cloud Pak for Automation that allows remote attackers to execute arbitrary commands on affecte...
Mar 14, 2024: IBM Maximo Application Suite 7.6.1.3 contains an XML External Entity (XXE) vulnerability that allows attackers to read sensitive files from the server...
Why Monitor IBM Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 891+ known vulnerabilities affecting IBM products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable IBM packages in under 60 seconds. No agents are required: scanning is completely agentless and works across IBM deployments.
Free vulnerability database: Access detailed information about every IBM CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.