Ibm Security Vulnerabilities (CVEs)

This vulnerability in IBM Db2 allows a local user to cause a denial of service by exploiting improper neutralization of special elements in data query...

This CVE describes an authorization bypass vulnerability in IBM Db2 where authenticated users can execute unauthorized commands by exploiting cataloge...

IBM Db2 databases are vulnerable to denial of service attacks when users execute queries containing the JSON_Object scalar function, which can trigger...

This vulnerability allows a local user with filesystem access to escalate privileges on IBM Db2 for Windows systems due to an unquoted search path ele...

This vulnerability in IBM Db2 allows authenticated users to cause denial of service by submitting specially crafted queries. It affects Db2 versions 1...

This vulnerability in IBM Db2 allows a local user to cause a denial of service by exploiting improper neutralization of special elements in data query...

This vulnerability in IBM Db2 allows authenticated users to execute specially crafted SQL statements with XML that trigger uncontrolled recursion, lea...

IBM Db2 databases running vulnerable versions can experience denial of service when specific SELECT queries are executed against certain table types, ...

This vulnerability in IBM Db2 allows authenticated users to cause denial of service by exploiting improper resource allocation. It affects Db2 version...

This vulnerability in IBM Db2 allows a local user to cause a denial of service by copying large tables containing XML data, due to improper system res...

This CVE describes a local privilege escalation vulnerability in IBM Db2 where an instance owner can execute malicious code to gain root privileges. T...

This vulnerability in IBM Db2 allows a local user to cause a denial of service by exploiting improper neutralization of special elements in data query...

This vulnerability in IBM Db2 allows authenticated users to cause a denial of service by excessively using a global variable. It affects IBM Db2 for L...

IBM Db2 database servers running versions 11.5.0 through 11.5.9 are vulnerable to denial of service attacks. An authenticated user can crash the serve...

IBM Application Gateway versions 23.10 through 25.09 are vulnerable to HTML injection, allowing attackers to inject malicious HTML that executes in us...

IBM ApplinX 11.1 contains a stored cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious JavaScript into the we...

IBM ApplinX 11.1 contains a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious JavaScript into the web inter...

IBM ApplinX 11.1 has a client-side security enforcement vulnerability that allows authenticated users to perform unauthorized administrative actions o...

IBM ApplinX 11.1 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unautho...

IBM ApplinX 11.1 has a privilege escalation vulnerability where attackers can craft or modify JWT tokens to impersonate users or gain elevated privile...

IBM ApplinX 11.1 can disclose sensitive server architecture information through an unspecified vulnerability. This information disclosure could help a...

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator fails to properly invalidate user sessions after logout, allowing authenticated users...

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator versions 5.2.0.00 through 5.2.0.12 fails to properly invalidate user sessions when a ...

This CVE describes a cross-site scripting (XSS) vulnerability in IBM Sterling Connect:Express Adapter for Sterling B2B Integrator. Unauthenticated att...

This cross-site scripting vulnerability in IBM Sterling Connect:Express Adapter allows authenticated users to inject malicious JavaScript into the web...

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator versions 5.2.0.00 through 5.2.0.12 fails to properly invalidate session IDs after use...

IBM Application Gateway versions 23.10 through 25.09 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject mali...

IBM Concert versions 1.0.0 through 2.1.0 contain an unrestricted file upload vulnerability that allows attackers to upload malicious files to the web ...

This vulnerability in IBM Business Automation Workflow containers allows attackers to access sensitive configuration information stored in config maps...

This vulnerability in IBM Business Automation Workflow containers allows local users with container access to execute arbitrary operating system comma...

IBM Concert versions 1.0.0 through 2.1.0 contain a heap memory disclosure vulnerability where sensitive information from previously allocated memory c...

IBM Concert versions 1.0.0 through 2.1.0 contain a heap memory disclosure vulnerability where sensitive information from previously allocated memory c...

IBM Aspera Console 3.4.7 stores sensitive information in log files that could be accessed by local privileged users. This vulnerability allows attacke...

A local privilege escalation vulnerability exists in IBM Concert due to a race condition involving symbolic link handling. This allows authenticated l...

IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 have inconsistent permissions between the user interface and backend API, allowing users to access...

This vulnerability in IBM Aspera Faspex 5 allows authenticated users to enumerate sensitive information by discovering package identifiers. It affects...

IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 contain an HTML injection vulnerability that allows attackers to inject malicious HTML code. When ...

IBM Db2 Intelligence Center versions 1.1.0 through 1.1.2 contain a client-side enforcement vulnerability where security mechanisms that should be enfo...

This vulnerability in IBM DS8000 storage systems allows local users with authorized CCW update permissions to delete or corrupt backups due to missing...

IBM Concert versions 1.0.0 through 2.1.0 contain a heap memory clearing vulnerability that could allow remote attackers to read sensitive information ...

CVE-2025-12771 is a stack-based buffer overflow vulnerability in IBM Concert versions 1.0.0 through 2.1.0. A local authenticated user could exploit th...

IBM Concert versions 1.0.0 through 2.1.0 store sensitive information in cleartext during recursive Docker builds, allowing local users to access crede...

This CVE describes a race condition vulnerability in IBM UrbanCode Deploy and DevOps Deploy where HTTP session client-IP binding enforcement can be by...

IBM UrbanCode Deploy versions 8.1 through 8.1.2.3 contain an information disclosure vulnerability where authenticated users with LLM integration confi...

IBM DevOps Deploy versions 8.1 through 8.1.2.3 transmit sensitive data in unencrypted plain text, allowing attackers to intercept and read confidentia...

CVE-2025-13214 is a SQL injection vulnerability in IBM Aspera Orchestrator that allows remote attackers to execute arbitrary SQL commands. This could ...

This vulnerability allows authenticated users of IBM Aspera Orchestrator to execute arbitrary commands with elevated system privileges due to improper...

This vulnerability in IBM Aspera Orchestrator allows authenticated users to change other users' passwords without knowing their current passwords. Thi...

This vulnerability in IBM Aspera Orchestrator allows authenticated users to cause denial of service in the email service by sending requests at a freq...