Ibm Security Vulnerabilities (CVEs)

IBM InfoSphere Information Server 11.7 fails to properly invalidate user sessions after logout, allowing authenticated users to reuse old session toke...

This CVE describes a local privilege escalation vulnerability in IBM Hardware Management Console for Power Systems. A local authenticated user can exe...

IBM Sterling Connect:Direct Web Services versions 6.1.0, 6.2.0, and 6.3.0 fail to properly invalidate user sessions when a browser is closed. This all...

IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.12 use weak cryptographic algorithms, potentially allowing attackers to decrypt s...

IBM Aspera Console versions 3.4.0 through 3.4.4 use weak cryptographic algorithms that could allow attackers to decrypt sensitive data. This affects o...

IBM Aspera Console versions 3.4.0 through 3.4.4 are vulnerable to HTTP header injection due to improper validation of HOST headers. This allows attack...

This vulnerability in IBM QRadar WinCollect Agent allows remote attackers to cause denial of service by interrupting HTTP requests, leading to memory ...

IBM Sterling Control Center versions 6.2.1, 6.3.1, and 6.4.0 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inj...

This vulnerability in IBM Maximo Application Suite allows authenticated users to perform unauthorized actions due to improper input validation. It aff...

This vulnerability in IBM Maximo Application Suite 9.0 allows authenticated users to upload files with dangerous extensions that could be executed by ...

IBM TXSeries for Multiplatforms versions 9.1 and 11.1 have an HTTP header injection vulnerability that could allow remote attackers to read sensitive ...

IBM TXSeries for Multiplatforms versions 9.1 and 11.1 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject mal...

IBM Content Navigator versions 3.0.11, 3.0.15, and 3.1.0 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject ...

IBM InfoSphere Information Server 11.7 may expose sensitive user credentials in log files during new installations. This vulnerability allows attacker...

IBM InfoSphere Information Server 11.7 contains an information disclosure vulnerability where authenticated users can access sensitive local data unde...

This vulnerability in IBM PowerVM Hypervisor firmware allows a local user with specific Linux processor compatibility mode configurations to cause und...

This vulnerability in IBM Cloud Pak System allows authenticated users with network access to view sensitive information from command-line interface ar...

IBM Storage Virtualize vSphere Remote Plug-in versions 1.0 and 1.1 expose sensitive credential information to remote users after deployment. This vuln...

This vulnerability allows privileged users in IBM Security ReaQta to upload dangerous file types that can be automatically processed within the produc...

IBM Security QRadar 3.12 EDR uses weak cryptographic algorithms that could allow attackers to decrypt stored credential information. This affects orga...

This cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator allows privileged users to inject malicious JavaScript into the web inter...

This vulnerability in IBM Common Cryptographic Architecture allows remote attackers to perform timing attacks against ECDSA signature generation, pote...

This vulnerability in IBM Common Cryptographic Architecture allows authenticated users to send specially crafted valid requests that can cause a denia...

IBM Control Center versions 6.2.1 through 6.3.1 are vulnerable to server-side request forgery (SSRF) via improper input validation. Attackers can make...

IBM Concert Software 1.0.5 has an inadequate account lockout mechanism that allows attackers to perform brute force attacks against user credentials. ...

IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1 contain a vulnerability that allows users to download malicious file...

This vulnerability in IBM Engineering Requirements Management DOORS Next allows remote attackers to download temporary files, potentially exposing sen...

This CVE describes a cross-site scripting (XSS) vulnerability in IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Serv...

This vulnerability in IBM MQ allows a local user to cause a denial of service by exploiting improper error handling. It affects IBM MQ 9.3 LTS, 9.3 CD...

This directory traversal vulnerability in IBM Cognos Analytics allows remote attackers to read arbitrary files on the server by sending specially craf...

CVE-2025-0975 is an improper input validation vulnerability in IBM MQ console that allows authenticated users to execute arbitrary code by exploiting ...

This vulnerability in IBM MQ allows authenticated users to send specially crafted messages with invalid headers to queues, causing the queue manager t...

IBM MQ versions 9.3 and 9.4 expose sensitive information in trace files when webconsole trace is enabled. This information disclosure vulnerability al...

This vulnerability allows authenticated attackers to perform directory traversal attacks on IBM EntireX 11.1 systems. By sending specially crafted URL...

IBM Cloud Pak for Data versions 4.0.0 through 4.8.5 and 5.0.0 contain a cross-site scripting (XSS) vulnerability that allows unauthenticated attackers...

This vulnerability allows users with program compilation or restoration capabilities on IBM i systems to gain elevated privileges through an unqualifi...

This vulnerability in IBM Watson Query on Cloud Pak for Data allows unauthorized access to remote data sources due to improper privilege management. A...

This vulnerability allows remote attackers to cause denial of service by sending maliciously crafted QPY files to Qiskit applications. The malformed s...

This vulnerability allows local users to read stored user credentials from configuration files in affected IBM Security products. It affects IBM Secur...

This vulnerability in IBM Security Verify Access Appliance allows local users to execute arbitrary code due to improper restrictions on code generatio...

IBM OpenPages with Watson versions 8.3 and 9.0 have a session management vulnerability where chat sessions remain active after user logout. This allow...

IBM OpenPages with Watson versions 8.3 and 9.0 contain an XML external entity injection (XXE) vulnerability that allows attackers to read sensitive fi...

IBM OpenPages with Watson versions 8.3 and 9.0 may write improperly neutralized data to server log files when System Tracing is enabled. This could al...

This vulnerability in IBM OpenPages with Watson allows attackers to spoof mail server identity when SSL/TLS security is used. Attackers could intercep...

IBM Cognos Controller and IBM Controller are vulnerable to XML External Entity Injection (XXE) attacks when processing XML data. This allows remote at...

IBM Cognos Controller and IBM Controller contain an unrestricted deserialization vulnerability that allows authenticated users to execute arbitrary co...

IBM Cognos Controller and IBM Controller Rich Client use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. Th...

This vulnerability in IBM Cognos Controller allows authenticated attackers to perform formula injection attacks by manipulating file contents. Success...