Ibm Security Vulnerabilities (CVEs)

This cross-site scripting (XSS) vulnerability in IBM Cognos Controller allows attackers to inject malicious JavaScript into the web interface. When ex...

IBM Cognos Controller and IBM Controller client applications contain hard-coded database passwords in their source code, allowing attackers to gain un...

IBM QRadar SIEM 7.5 contains a cross-site scripting vulnerability that allows privileged users to inject malicious JavaScript into the web interface. ...

This vulnerability allows privileged users on IBM i 7.4 and 7.5 systems to bypass database capability restrictions, potentially deleting or modifying ...

This vulnerability allows authenticated privileged attackers to execute arbitrary commands on IBM DevOps Deploy and UrbanCode Deploy systems by sendin...

This vulnerability in IBM DevOps Deploy and UrbanCode Deploy allows authenticated users to access sensitive information about other users due to missi...

IBM EntireX 11.1 has an XML external entity injection vulnerability that allows authenticated attackers to read sensitive files from the server or cau...

This vulnerability in IBM EntireX 11.1 allows a local user to cause a denial of service through an unhandled error condition. The issue stems from imp...

IBM Jazz for Service Management versions 1.1.3 through 1.1.3.23 contain a cross-site scripting (XSS) vulnerability that allows unauthenticated attacke...

IBM ApplinX 11.1 contains a clickjacking vulnerability that allows attackers to hijack user clicks by tricking victims into visiting malicious website...

IBM ApplinX 11.1 can expose sensitive technical error information to remote attackers through browser responses. This information disclosure vulnerabi...

IBM ApplinX 11.1 contains a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious JavaScript into the web inter...

IBM ApplinX 11.1 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unautho...

IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 improperly validate 'Client-IP' headers, allowing attackers to spoof their IP addresses in log fil...

IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 are vulnerable to HTML injection, allowing attackers to inject malicious HTML that executes in vic...

IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 contain a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to ...

IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 have an email rate limiting vulnerability that allows authenticated users to send excessive emails...

This CVE describes a cross-site scripting (XSS) vulnerability in IBM Cloud Pak for Business Automation that allows authenticated users to inject malic...

IBM Cognos Analytics is vulnerable to XML External Entity Injection (XXE), allowing attackers to read sensitive files from the server or cause denial ...

IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 contain a cross-site request forgery (CSRF) vulnerability. This allo...

IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 transmit sensitive data in cleartext over network channels, allowing...

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versions 3.2.4.0 through 3.2.4.1 contains a stored cross-site scripting (XSS) ...

This cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator allows privileged users to inject malicious JavaScript into the web inter...

This stored XSS vulnerability in IBM Sterling B2B Integrator allows authenticated users to inject malicious JavaScript into the web interface. If expl...

This CVE describes a cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator that allows privileged users to inject malicious JavaScri...

This CSRF vulnerability in IBM Sterling B2B Integrator allows attackers to trick authenticated users into performing unauthorized actions by sending m...

IBM Security Verify Directory versions 10.0 through 10.0.3 are vulnerable to denial of service when processing LDAP extended operations. Attackers can...

IBM Aspera Faspex versions 5.0.0 through 5.0.10 do not enforce strong password policies by default, allowing attackers to more easily compromise user ...

IBM Aspera Faspex versions 5.0.0 through 5.0.10 can leak sensitive username information through observable response discrepancies. This vulnerability ...

IBM Security Verify Governance 10.0.2 Identity Manager stores passwords using unsalted cryptographic hashes, making them vulnerable to rainbow table a...

IBM Security Verify Governance 10.0.2 Identity Manager transmits user credentials in clear text during communication, allowing attackers to intercept ...

IBM Fusion and IBM Fusion HCI versions 2.3.0 through 2.8.2 allow insecure network connections from compromised containers. An attacker who gains acces...

CVE-2024-22316 is an improper access control vulnerability in IBM Sterling File Gateway that allows authenticated users to perform unauthorized action...

IBM Storage Protect for Virtual Environments and Backup-Archive Client versions 8.1.0.0 through 8.1.23.0 use weak cryptographic algorithms that could ...

IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 contain an information disclosure vulnerability where authentic...

This vulnerability allows attackers to steal session cookies or authorization tokens from IBM Security Directory Integrator users by intercepting unen...

IBM InfoSphere Master Data Management versions 11.6, 12.0, and 14.0 contain a stored cross-site scripting (XSS) vulnerability that allows authenticate...

IBM Common Licensing 9.0 stores user credentials in plain text, allowing local users to read sensitive authentication data. This affects systems runni...

IBM Automation Decision Services 23.0.2 stores web pages locally in a way that allows other users on the same system to read them. This information di...

This SQL injection vulnerability in IBM Maximo Application Suite's Monitor Component allows remote attackers to execute arbitrary SQL commands. Succes...

IBM Maximo Application Suite's Monitor Component stores source code files on the web server that could be accessed by attackers. This information disc...

IBM Control Center versions 6.2.1 and 6.3.1 contain an information disclosure vulnerability where authenticated users can access sensitive information...

IBM Analytics Content Hub 2.0 discloses sensitive technical error information to remote attackers via browser responses. This information leakage coul...

IBM Analytics Content Hub 2.0 contains a buffer overflow vulnerability (CWE-120) that allows authenticated remote attackers to execute arbitrary code ...

This vulnerability in IBM Cloud Pak System allows authenticated users to access sensitive information from log files. It affects multiple versions of ...

IBM Cloud Pak System versions 2.3.3.0 through 2.3.3.7 iFix1 contain an information disclosure vulnerability that could expose sensitive system details...

IBM Control Center versions 6.2.1 and 6.3.1 expose detailed technical error messages to remote attackers, potentially revealing sensitive system infor...

This vulnerability allows remote attackers to perform directory traversal attacks on IBM Cloud Pak System. By sending specially crafted URLs containin...

IBM Planning Analytics 2.0 and 2.1 have a file upload vulnerability that allows attackers to upload malicious executable files through the web interfa...