IBM Security Vulnerabilities (CVEs)

Track 904 security vulnerabilities affecting IBM products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

95 Critical
368 High
428 Medium
13 Low
CVE-2022-22487 9.8

CVE-2022-22487 allows remote attackers to perform brute force attacks against IBM Spectrum Protect storage agents because administrative login attempt...

Jun 30, 2022
CVE-2022-22390 7.5

This vulnerability in IBM Db2 allows unauthorized information disclosure through improper privilege management when using table functions. Attackers c...

Jun 24, 2022
CVE-2022-31767 9.8

CVE-2022-31767 is a critical OS command injection vulnerability in IBM CICS TX that allows remote attackers to execute arbitrary commands on affected ...

Jun 24, 2022
CVE-2021-38945 9.8

CVE-2021-38945 is a critical vulnerability in IBM Cognos Analytics that allows remote attackers to upload arbitrary files due to improper content vali...

Jun 24, 2022
CVE-2019-4575 9.8

This SQL injection vulnerability in IBM Financial Transaction Manager for Digital Payments allows remote attackers to execute arbitrary SQL commands. ...

Jun 15, 2022
CVE-2022-22479 8.8

This CSRF vulnerability in IBM Spectrum Copy Data Management allows attackers to trick authenticated users into performing unauthorized actions on the...

Jun 10, 2022
CVE-2020-36529 8.8

This critical vulnerability in SevOne Network Management System allows remote attackers to execute arbitrary commands via the traceroute.php file, lea...

Jun 7, 2022
CVE-2022-22396 7.5

IBM Spectrum Protect Plus versions 10.1.0.0 through 10.1.9.3 write credentials in clear text to virgo log files during certain operations. This expose...

Jun 6, 2022
CVE-2022-31768 9.8

This SQL injection vulnerability in IBM InfoSphere Information Server 11.7 allows remote attackers to execute arbitrary SQL commands against the back-...

Jun 6, 2022
CVE-2022-22495 8.8

This SQL injection vulnerability in IBM i 7.3, 7.4, and 7.5 allows remote attackers to execute arbitrary SQL commands against the database. Attackers ...

May 24, 2022
CVE-2020-4926 9.1

This vulnerability in IBM Spectrum Scale 5.1 and Elastic Storage System 6.1 allows unauthorized access to user data or injection of arbitrary data thr...

May 24, 2022
CVE-2020-4994 7.5

This vulnerability in IBM DataPower Gateway allows remote attackers to cause a temporary denial of service by sending specially crafted invalid HTTP r...

May 17, 2022
CVE-2021-38872 7.5

This vulnerability in IBM DataPower Gateway allows a remote attacker to cause a denial of service by sending multiple requests that consume system res...

May 17, 2022
CVE-2021-0193 7.2

This vulnerability in Intel In-Band Manageability software allows a privileged user to bypass authentication mechanisms via network access, potentiall...

May 12, 2022
CVE-2021-38969 9.8

This vulnerability in IBM Spectrum Virtualize allows attackers to gain unauthorized access by reusing support-generated credentials. It affects IBM Sp...

May 11, 2022
CVE-2022-22454 7.8

CVE-2022-22454 is an OS command injection vulnerability in IBM InfoSphere Information Server that allows authenticated local attackers to execute arbi...

May 10, 2022
CVE-2021-20479 7.5

IBM Cloud Pak System versions 2.3.0 through 2.3.3.3 Interim Fix 1 use weak cryptographic algorithms, allowing attackers to decrypt sensitive informati...

May 9, 2022
CVE-2022-22433 7.5

CVE-2022-22433 allows attackers to perform server-side request forgery (SSRF) attacks against IBM Robotic Process Automation. By exploiting improper i...

May 5, 2022
CVE-2022-22368 7.5

IBM Spectrum Scale versions 5.1.0 through 5.1.3.0 use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. This ...

May 3, 2022
CVE-2021-39082 7.5

IBM UrbanCode Deploy 7.1.1.2 uses weak cryptographic algorithms that could allow attackers to decrypt sensitive information stored or transmitted by t...

Apr 29, 2022
CVE-2022-22315 8.8

CVE-2022-22315 is a privilege escalation vulnerability in IBM UrbanCode Deploy that allows authenticated users with special permissions to gain elevat...

Apr 27, 2022
CVE-2021-38869 9.8

IBM QRadar SIEM fails to automatically log users out after exceeding idle timeout in certain situations, allowing unauthorized session persistence. Th...

Apr 27, 2022
CVE-2021-38878 7.5

This vulnerability in IBM QRadar allows an attacker to impersonate legitimate users or systems due to insufficient authentication during key exchange....

Apr 27, 2022
CVE-2022-22392 7.8

CVE-2022-22392 is an unrestricted file upload vulnerability in IBM Planning Analytics Local 2.0 that allows attackers to upload arbitrary executable f...

Apr 25, 2022
CVE-2021-39040 8.0

CVE-2021-39040 is an unrestricted file upload vulnerability in IBM Planning Analytics Workspace 2.0 that allows attackers to upload malicious executab...

Apr 25, 2022
CVE-2021-3849 9.8

An authentication bypass vulnerability in Lenovo Fan Power Controller2 (FPC2) and System Management Module (SMM) firmware allows unauthenticated attac...

Apr 22, 2022
CVE-2021-38886 8.8

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Analytics versions 11.1.7 and 11.2.0. An attacker could trick authe...

Apr 22, 2022
CVE-2021-39076 7.5

IBM Security Guardium versions 10.5 and 11.3 use weak cryptographic algorithms that could allow attackers to decrypt sensitive information stored or t...

Apr 19, 2022
CVE-2021-38929 7.5

This vulnerability in IBM System Storage DS8000 Management Console allows remote attackers to access sensitive information through unpublished URLs. I...

Apr 11, 2022
CVE-2022-22410 7.2

CVE-2022-22410 is an information disclosure vulnerability in IBM Watson Query with Cloud Pak for Data as a Service that allows authenticated users to ...

Apr 6, 2022
CVE-2022-22327 7.5

This vulnerability in IBM UrbanCode Deploy uses weak cryptographic algorithms that could allow attackers to decrypt sensitive information stored or tr...

Apr 1, 2022
CVE-2022-22331 7.1

CVE-2022-22331 is an Insecure Direct Object Reference (IDOR) vulnerability in IBM Sterling Partner Engagement Manager 6.2.0 that allows authenticated ...

Apr 1, 2022
CVE-2022-22374 9.1

This vulnerability allows attackers to perform a firmware downgrade attack on IBM Power 9 AC922 servers with specific BMC firmware versions. This coul...

Mar 24, 2022
CVE-2022-22394 8.8

CVE-2022-22394 is an access control bypass vulnerability in IBM Spectrum Protect 8.1.14.000 server that allows authenticated attackers to gain unautho...

Mar 21, 2022
CVE-2022-22354 7.5

This vulnerability allows attackers to perform Slowloris HTTP denial-of-service attacks against IBM Spectrum Protect Plus and IBM Spectrum Copy Data M...

Mar 14, 2022
CVE-2022-22346 8.8

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.13.xxx. ...

Mar 14, 2022
CVE-2021-39022 8.8

This vulnerability in IBM Guardium Data Encryption allows CSV injection attacks where malicious formulas can be embedded in exported CSV files. When o...

Mar 10, 2022
CVE-2022-22351 8.6

This vulnerability in IBM AIX and VIOS allows a non-privileged user on a trusted host to exploit the nimsh daemon to cause denial of service on anothe...

Mar 7, 2022
CVE-2022-22336 7.5

This vulnerability in IBM Sterling External Authentication Server and IBM Sterling Secure Proxy allows a remote attacker to cause a denial of service ...

Feb 23, 2022
CVE-2021-38935 7.5

IBM Maximo Asset Management 7.6.1.2 does not enforce strong password policies by default, allowing weak passwords that can be easily guessed or brute-...

Feb 18, 2022
CVE-2021-38960 7.5

This vulnerability in IBM OPENBMC OP920, OP930, and OP940 allows unauthenticated attackers to access sensitive information without credentials. It aff...

Feb 4, 2022
CVE-2021-39044 8.8

IBM Financial Transaction Manager 3.2.4 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to trick authenticated users ...

Feb 2, 2022
CVE-2021-39070 9.8

This critical authentication bypass vulnerability in IBM Security Verify Access allows an attacker to authenticate as any user on the system when the ...

Feb 2, 2022
CVE-2021-29845 8.8

IBM Security Guardium Insights 3.0 contains an improper input validation vulnerability that allows authenticated users to perform unauthorized actions...

Jan 26, 2022
CVE-2021-39031 8.8

This LDAP injection vulnerability in IBM WebSphere Application Server - Liberty allows authenticated remote attackers to manipulate LDAP queries throu...

Jan 25, 2022
CVE-2020-4875 8.2

IBM Cognos Controller versions 10.4.0 through 10.4.2 contain an XML External Entity (XXE) vulnerability that allows remote attackers to read sensitive...

Jan 21, 2022
CVE-2020-4877 9.8

This vulnerability in IBM Cognos Controller allows attackers to modify application behavior by exploiting public fields in public classes, potentially...

Jan 21, 2022
CVE-2021-38991 7.8

This vulnerability allows a non-privileged local user on affected IBM AIX and VIOS systems to exploit a flaw in the lscore command, potentially leadin...

Jan 11, 2022
CVE-2021-38921 7.5

IBM Security Verify versions 10.0.0 through 10.0.2.0 use weak cryptographic algorithms, allowing attackers to decrypt sensitive information stored or ...

Jan 10, 2022
CVE-2021-38957 7.5

IBM Security Verify versions 10.0.0 through 10.0.2.0 contain an input validation vulnerability during QR code generation that could allow attackers to...

Jan 10, 2022

Why Monitor IBM Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 904+ known vulnerabilities affecting IBM products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable IBM packages in under 60 seconds. No agents are required: scanning is completely agentless and works across IBM deployments.

Free vulnerability database: Access detailed information about every IBM CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new IBM CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions