Ibm Security Vulnerabilities (CVEs)

This vulnerability in IBM Planning Analytics Local versions 2.1.0 through 2.1.15 allows attackers to obtain sensitive information about server archite...

IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 IF01 have an information disclosure vulnerability that exposes directory information. This could allow...

This vulnerability in IBM watsonx.data allows authenticated users to cause denial of service by exhausting resources in ingestion pods due to improper...

IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.18 write sensitive user credentials to log files. This allows attackers with acce...

This vulnerability in IBM Controller and Cognos Controller allows authenticated attackers to potentially access sensitive information through race con...

This vulnerability in IBM Controller and Cognos Controller allows authenticated users to cause denial of service by sending specially crafted input th...

IBM Controller and Cognos Controller versions store sensitive information unencrypted in environmental variables files, allowing authenticated users t...

This vulnerability allows privileged users in IBM Controller/Cognos Controller to bypass server-side security validation by manipulating client-side i...

This CVE describes a cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server and Liberty versions where improper input validation...

This CVE describes a server-side request forgery (SSRF) vulnerability in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6. An auth...

This vulnerability allows attackers to potentially steal sensitive session cookies in IBM Sterling B2B Integrator and Sterling File Gateway products. ...

IBM Concert versions 1.0.0 through 2.0.0 use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. This affects o...

This vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway allows unauthorized users to access sensitive server IP configuration info...

IBM Concert Software versions 1.0.0 through 2.0.0 contain a clickjacking vulnerability (CWE-1021) that allows remote attackers to hijack user clicks. ...

This vulnerability in IBM webMethods Integration allows authenticated users to execute arbitrary code on affected systems through insecure deserializa...

IBM Concert versions 1.0.0 through 2.0.0 contain an uncontrolled recursive directory copying vulnerability that allows local users with specific permi...

IBM Concert versions 1.0.0 through 2.0.0 have a log file forgery vulnerability where local users can manipulate log entries to impersonate other users...

IBM Concert versions 1.0.0 through 2.0.0 disclose sensitive server information via HTTP response headers. This information leakage could help attacker...

IBM Concert versions 1.0.0 through 2.0.0 contain a cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to inject malicious ...

IBM Concert versions 1.0.0 through 2.0.0 fail to properly enable HTTP Strict-Transport-Security (HSTS), allowing man-in-the-middle attackers to interc...

IBM i operating systems (versions 7.2-7.6) have an information disclosure vulnerability in the database plan cache implementation. Authenticated users...

IBM Storage Virtualize IKEv1 implementation contains an information disclosure vulnerability where remote attackers can extract sensitive data from de...

IBM Planning Analytics Local versions 2.1.0 through 2.1.14 store sensitive information in source code, potentially exposing credentials or configurati...

CVE-2025-36357 is a directory traversal vulnerability in IBM Planning Analytics Local that allows authenticated remote attackers to access arbitrary f...

IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 store user credentials in configuration files that are committed to source control. This allows authen...

IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection due to improper validation of HOST headers. This allows attackers to inject malicious...

IBM OpenPages 9.0 and 9.1 has insecure REST endpoints that allow authenticated users to access system metadata beyond their intended permissions. This...

IBM Cognos Analytics Certified Containers 12.1.0 contains hidden pages that can expose package parameter information to unauthorized users. This infor...

IBM Db2's clpplus command exposes user credentials in terminal output, allowing anyone with physical access to the system to view them. This affects D...

This CVE describes a cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway. An authenticated attacker can ...

A local user on systems running vulnerable IBM Db2 versions can cause a denial of service by exploiting a flaw in the database monitor script. The scr...

This vulnerability in IBM Db2 allows a local user to cause a denial of service by exploiting improper neutralization of special elements in data query...

IBM Db2 12.1.0 through 12.1.3 on Linux, UNIX, and Windows (including Db2 Connect Server) contains a local privilege escalation vulnerability. Under sp...

This vulnerability in IBM Db2 allows authenticated users to cause denial of service by exploiting improper resource release after use. It affects Db2 ...

This vulnerability in IBM Db2 allows authenticated users to cause denial of service by exploiting improper resource allocation. It affects Db2 version...

IBM Db2 databases running vulnerable versions can be crashed by a specially crafted query, causing denial of service. This affects Db2 11.1.0-11.1.4.7...

This vulnerability in IBM Db2 allows authenticated users to regain access to their accounts even after being locked out due to password expiration. It...

IBM OpenPages versions 9.0 and 9.1 with Watson are vulnerable to HTML injection, allowing attackers to inject malicious HTML that executes in victims'...

This stored XSS vulnerability in IBM Cloud Pak for Business Automation allows authenticated users to inject malicious JavaScript into the web interfac...

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain an XML external entity injection (XXE) vulnerability that allows remote a...

This vulnerability in IBM Cloud Pak for Business Automation allows authenticated users to assign invalid ownership to dashboards, potentially making t...

This vulnerability in IBM Cloud Pak for Business Automation allows authenticated users to cause denial of service by sending specially crafted input t...

This vulnerability in IBM Cloud Pak for Business Automation allows attackers to perform unauthorized actions or access restricted content through man-...

This vulnerability in IBM InfoSphere Information Server allows non-root users within a container environment to escalate their privileges to root-leve...

CVE-2025-3355 is a directory traversal vulnerability in IBM Tivoli Monitoring that allows remote attackers to read arbitrary files on the system by se...

This vulnerability in IBM Sterling Connect Direct for Unix allows CCD users with existing privileges to escalate their permissions further through mai...