IBM Security Vulnerabilities (CVEs)
Track 881 security vulnerabilities affecting IBM products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
IBM Concert Software versions 1.0.0 through 1.1.0 use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. This ... (Sep 1, 2025)
IBM Concert Software versions 1.0.0 through 1.1.0 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicio... (Sep 1, 2025)
IBM Concert Software versions 1.0.0 through 1.1.0 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicio... (Sep 1, 2025)
IBM Concert Software versions 1.0.0 through 1.1.0 fail to properly enable HTTP Strict Transport Security (HSTS), allowing attackers to intercept unenc... (Sep 1, 2025)
This SQL injection vulnerability in IBM watsonx Orchestrate Cartridge allows remote attackers to execute arbitrary SQL commands against the back-end d... (Aug 30, 2025)
IBM Security Verify Governance Identity Manager 10.0.2 discloses sensitive technical error information to remote attackers. This information leakage v... (Aug 28, 2025)
This clickjacking vulnerability in IBM Cognos Command Center allows attackers to trick users into clicking malicious elements by overlaying transparen... (Aug 26, 2025)
CVE-2025-1994 is a local privilege escalation vulnerability in IBM Cognos Command Center that allows authenticated local users to execute arbitrary co... (Aug 26, 2025)
This vulnerability allows unauthenticated remote attackers to modify server property files in IBM Jazz Foundation, potentially enabling unauthorized a... (Aug 24, 2025)
CVE-2025-33120 is a privilege escalation vulnerability in IBM QRadar SIEM where authenticated users can gain elevated privileges through a misconfigur... (Aug 22, 2025)
IBM Edge Application Manager 4.5 contains a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to make unauthorized ... (Aug 20, 2025)
IBM QRadar SOAR Plugin App versions 1.0.0 through 5.6.0 contain a directory traversal vulnerability that allows remote attackers to read arbitrary fil... (Aug 20, 2025)
This cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator and File Gateway allows authenticated attackers to inject malicious JavaS... (Aug 19, 2025)
This vulnerability allows authenticated users in IBM Storage Virtualize to escalate privileges via SSH sessions due to improper authorization checks. ... (Aug 18, 2025)
CVE-2025-1759 is an information disclosure vulnerability in IBM Concert Software where improper heap memory clearing allows remote attackers to read s... (Aug 18, 2025)
IBM Concert Software versions 1.0.0 through 1.1.0 have an overly permissive CORS configuration that doesn't restrict allowed origins to trusted domain... (Aug 18, 2025)
CVE-2025-33090 is a denial-of-service vulnerability in IBM Concert Software where a remote attacker can send specially crafted regular expressions tha... (Aug 18, 2025)
This CVE describes a cross-site scripting (XSS) vulnerability in IBM TS4500 web GUI that allows authenticated users to inject malicious JavaScript. Th... (Aug 15, 2025)
IBM WebSphere Application Server Liberty versions 18.0.0.2 through 25.0.0.8 are vulnerable to a denial of service attack where a remote attacker can s... (Aug 14, 2025)
IBM WebSphere Application Server 8.5 and 9.0 have a TLS security weakness that could allow attackers to downgrade or weaken TLS connections. This affe... (Aug 14, 2025)
IBM WebSphere Application Server Liberty versions 17.0.0.3 through 25.0.0.8 contain a stored cross-site scripting vulnerability that allows privileged... (Aug 12, 2025)
IBM WebSphere Application Server Liberty versions 17.0.0.3 through 25.0.0.8 contain a vulnerability where JMS messaging configuration is not properly ... (Aug 12, 2025)
CVE-2025-36119 is a web session hijacking vulnerability in IBM Digital Certificate Manager for i (DCM) that allows authenticated non-administrator use... (Aug 8, 2025)
IBM Guardium Data Protection transmits sensitive credential information in cleartext, allowing remote attackers to intercept and obtain authentication... (Aug 6, 2025)
CVE-2025-3320 is a heap-based buffer overflow vulnerability in IBM Tivoli Monitoring that allows remote attackers to execute arbitrary code or crash t... (Aug 6, 2025)
This CVE describes a cross-site scripting (XSS) vulnerability in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. Attacke... (Aug 5, 2025)
This CVE describes an open redirect vulnerability in IBM Operational Decision Manager that allows attackers to conduct phishing attacks. By tricking u... (Aug 1, 2025)
IBM Aspera Faspex versions 5.0.0 through 5.0.12.1 have a client-side security control bypass vulnerability where authenticated users can perform unaut... (Jul 31, 2025)
A local user can exploit a stack-based buffer overflow in IBM Db2's db2fm component on Linux systems to execute arbitrary code with elevated privilege... (Jul 29, 2025)
IBM Db2 database servers running vulnerable versions can crash when processing specially crafted queries due to improper memory resource release. This... (Jul 29, 2025)
IBM Db2 database servers are vulnerable to denial of service attacks where a specially crafted query can cause the server to crash. This affects Db2 v... (Jul 29, 2025)
IBM Db2 for Linux versions 12.1.0 through 12.1.2 contain a vulnerability where a specially crafted query can cause the database server to crash, resul... (Jul 29, 2025)
IBM Informix Dynamic Server versions 12.10 and 14.10 contain an HTML injection vulnerability that allows remote attackers to inject malicious HTML cod... (Jul 28, 2025)
IBM i operating systems versions 7.2 through 7.6 contain a database authority check vulnerability that allows unauthorized execution of database proce... (Jul 24, 2025)
A local user can exploit a stack-based buffer overflow in IBM Engineering Systems Design Rhapsody to execute arbitrary code on the system. This affect... (Jul 23, 2025)
IBM Db2 Mirror for i GUI has a cross-site WebSocket hijacking vulnerability that allows unauthenticated attackers to intercept WebSocket connections. ... (Jul 23, 2025)
This vulnerability in IBM SmartCloud Analytics - Log Analysis allows a local user to cause a denial of service by exploiting improper input validation... (Jul 23, 2025)
This vulnerability in IBM SmartCloud Analytics - Log Analysis allows a local authenticated attacker to bypass client-side security controls to manipul... (Jul 23, 2025)
IBM Cognos Analytics Mobile for iOS versions 1.1.0 through 1.1.22 transmits data over unencrypted network connections, potentially exposing sensitive ... (Jul 21, 2025)
A stack-based buffer overflow vulnerability in IBM WebSphere Application Server allows attackers to cause denial of service by sending specially craft... (Jul 16, 2025)
IBM QRadar SIEM versions 7.5 through 7.5.0 UP12 IF02 contain a stored cross-site scripting vulnerability that allows authenticated users to inject mal... (Jul 15, 2025)
This vulnerability in IBM Storage Scale allows authenticated users to access sensitive files through insecure SMB protocol permissions. It affects IBM... (Jul 12, 2025)
A use-after-free vulnerability (CWE-416) in IBM MQ 9.3 and 9.4 allows a malicious client to crash the AMQRMPPA channel process via SIGSEGV when connec... (Jul 11, 2025)
IBM Analytics Content Hub versions 2.0-2.3 have a file upload vulnerability that allows attackers to upload malicious executable files. This could ena... (Jul 10, 2025)
IBM Analytics Content Hub versions 2.0-2.3 expose sensitive information through detailed error messages returned to browsers. This information disclos... (Jul 10, 2025)
IBM OpenPages 9.0 has a vulnerability where authenticated users can access sensitive workflow configuration and internal state information through ins... (Jul 9, 2025)
This vulnerability in IBM InfoSphere Data Replication VSAM for z/OS allows remote attackers to cause denial of service by sending specially crafted in... (Jul 8, 2025)
This vulnerability allows authenticated users to bypass client-side validation in IBM OpenPages with Watson, enabling them to save GRC Objects without... (Jul 8, 2025)
IBM OpenPages with Watson versions 8.3 and 9.0 store encrypted data with weaker-than-expected security, potentially allowing attackers to extract and ... (Jul 8, 2025)
This vulnerability in IBM Sterling File Gateway allows authenticated users to access sensitive installation directory information. Attackers could use... (Jul 8, 2025)
Why Monitor IBM Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 881+ known vulnerabilities affecting IBM products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable IBM packages in under 60 seconds. No agents are required: scanning is completely agentless and works across IBM deployments.
Free vulnerability database: Access detailed information about every IBM CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.