IBM Security Vulnerabilities (CVEs)

Track 891 security vulnerabilities affecting IBM products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

84 Critical
366 High
428 Medium
13 Low
CVE-2024-40706 5.3

IBM InfoSphere Information Server 11.7 exposes sensitive version information to remote users, which could be used for reconnaissance in targeted attac...

Jan 24, 2025
CVE-2024-45077 6.5

This vulnerability allows authenticated low-privileged users to upload restricted file types to IBM Maximo Asset Management by appending a dot to the ...

Jan 24, 2025
CVE-2024-25034 8.0

IBM Planning Analytics 2.0 and 2.1 have a file upload vulnerability in the File Manager T1 process that allows attackers to upload malicious executabl...

Jan 24, 2025
CVE-2024-41739 8.8

IBM Cognos Dashboards on Cloud Pak for Data is vulnerable to dependency confusion attacks, allowing remote attackers to execute unauthorized actions b...

Jan 24, 2025
CVE-2025-23227 6.4

IBM Tivoli Application Dependency Discovery Manager versions 7.3.0.0 through 7.3.0.11 contain a stored cross-site scripting (XSS) vulnerability that a...

Jan 23, 2025
CVE-2024-45672 6.0

IBM Security Verify Bridge versions 1.0.0 through 1.0.15 grant excessive privileges to the agent component, allowing a local privileged user to overwr...

Jan 23, 2025
CVE-2023-32340 4.6

This cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator allows attackers to inject malicious JavaScript into the web interface. W...

Jan 23, 2025
CVE-2024-51457 4.4

This CVE describes a cross-site scripting (XSS) vulnerability in IBM Robotic Process Automation for Cloud Pak that allows authenticated users to injec...

Jan 22, 2025
CVE-2024-31903 8.8

This vulnerability allows attackers on the local network to execute arbitrary code on IBM Sterling B2B Integrator systems by exploiting insecure deser...

Jan 22, 2025
CVE-2024-45091 6.2

IBM UrbanCode Deploy versions 7.0 through 7.2.3.13 store sensitive information in HTTP request logs that could be read by local users. This informatio...

Jan 21, 2025
CVE-2024-22347 5.9

This vulnerability in IBM DevOps Velocity and UrbanCode Velocity uses weak cryptographic algorithms that could allow attackers to decrypt sensitive in...

Jan 20, 2025
CVE-2024-22349 4.0

This vulnerability in IBM DevOps Velocity and UrbanCode Velocity allows local web pages to be stored insecurely, enabling other users on the same syst...

Jan 20, 2025
CVE-2024-45647 5.6

This vulnerability in IBM Security Verify Access allows unauthenticated attackers to reset passwords for expired user accounts without knowing the cur...

Jan 20, 2025
CVE-2024-41783 9.1

This vulnerability in IBM Sterling Secure Proxy allows privileged users to execute arbitrary operating system commands through improper input validati...

Jan 19, 2025
CVE-2024-41743 7.5

This vulnerability in IBM TXSeries for Multiplatforms 10.1 allows remote attackers to cause denial of service by exploiting improper resource allocati...

Jan 19, 2025
CVE-2024-38337 9.1

IBM Sterling Secure Proxy versions 6.0.0.0 through 6.2.0.0 contain incorrect permission assignments that could allow unauthorized attackers to retriev...

Jan 19, 2025
CVE-2024-45653 4.3

IBM Sterling Connect:Direct Web Services versions 6.0-6.3 expose sensitive IP address information to authenticated users in API responses. This inform...

Jan 19, 2025
CVE-2024-45662 7.5

This vulnerability in IBM Safer Payments allows remote attackers to cause denial of service by exploiting improper resource allocation. It affects IBM...

Jan 18, 2025
CVE-2024-49354 5.3

IBM Concert versions 1.0.0 through 1.0.2 contain an API vulnerability that allows attackers to extract sensitive information through specially crafted...

Jan 18, 2025
CVE-2024-47113 8.1

This XML injection vulnerability in IBM ICP - Voice Gateway allows remote attackers to send specially crafted XML statements to view or modify informa...

Jan 18, 2025
CVE-2024-47106 5.3

IBM Jazz for Service Management versions 1.1.3 through 1.1.3.22 have improper access restrictions that could allow remote attackers to obtain sensitiv...

Jan 18, 2025
CVE-2024-49338 4.4

IBM App Connect Enterprise versions 12.0.1.0-12.0.7.0 and 13.0.1.0, under certain configurations, allow privileged users to obtain JMS credentials. Th...

Jan 18, 2025
CVE-2024-52363 6.5

IBM InfoSphere Information Server 11.7 contains a directory traversal vulnerability that allows remote attackers to read arbitrary files on the system...

Jan 17, 2025
CVE-2024-41746 7.2

IBM CICS TX Advanced and Standard are vulnerable to stored cross-site scripting (XSS) that allows authenticated users to inject malicious JavaScript i...

Jan 16, 2025
CVE-2024-51456 5.9

This vulnerability in IBM Robotic Process Automation allows remote attackers to potentially obtain sensitive data through crypto-analytic attacks. It ...

Jan 12, 2025
CVE-2024-49785 5.4

This CVE describes a cross-site scripting (XSS) vulnerability in IBM watsonx.ai that allows authenticated users to inject malicious JavaScript into th...

Jan 12, 2025
CVE-2022-22491 5.5

This vulnerability in IBM App Connect Enterprise Certified Container allows attackers to write unlimited data to the local filesystem, potentially exh...

Jan 9, 2025
CVE-2024-40679 5.5

IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) version 11.5 may write sensitive information to log files under specific conditions...

Jan 8, 2025
CVE-2024-28778 6.5

This vulnerability exposes Artifactory API keys in IBM Cognos Controller and IBM Controller, allowing authenticated users to publish code to private p...

Jan 7, 2025
CVE-2024-40702 8.2

This vulnerability in IBM Cognos Controller and IBM Controller allows unauthorized users to obtain valid authentication tokens due to improper certifi...

Jan 7, 2025
CVE-2022-22363 4.3

CVE-2022-22363 is an information disclosure vulnerability in IBM Cognos Controller and IBM Controller that exposes detailed technical error messages t...

Jan 7, 2025
CVE-2024-45640 5.3

IBM Security ReaQta 3.12 discloses sensitive information in HTTP responses that could aid attackers in reconnaissance or further exploitation. This af...

Jan 7, 2025
CVE-2024-52891 5.4

This vulnerability in IBM Concert Software allows authenticated users to inject malicious content into log files or extract sensitive information from...

Jan 7, 2025
CVE-2024-52366 5.9

This vulnerability in IBM Concert Software allows attackers to intercept unencrypted HTTP traffic due to missing HTTP Strict Transport Security (HSTS)...

Jan 7, 2025
CVE-2024-31913 5.5

IBM Sterling B2B Integrator is vulnerable to stored cross-site scripting (XSS) that allows authenticated users to inject malicious JavaScript into the...

Jan 6, 2025
CVE-2024-41768 6.5

This vulnerability in IBM Engineering Lifecycle Optimization - Publishing allows remote attackers to trigger an unhandled SSL exception, potentially l...

Jan 4, 2025
CVE-2024-41763 5.9

IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3 use weak cryptographic algorithms, potentially allowing attackers to decr...

Jan 4, 2025
CVE-2024-41766 7.5

This vulnerability in IBM Engineering Lifecycle Optimization - Publishing allows remote attackers to cause denial of service by sending specially craf...

Jan 4, 2025
CVE-2024-41767 7.3

This SQL injection vulnerability in IBM Engineering Lifecycle Optimization - Publishing allows remote attackers to execute arbitrary SQL commands agai...

Jan 4, 2025
CVE-2024-55897 4.3

IBM PowerHA SystemMirror for i fails to set the secure attribute on authorization tokens and session cookies, allowing attackers to steal these cookie...

Jan 3, 2025
CVE-2024-52906 5.5

A local privilege escalation vulnerability in IBM AIX and VIOS TCP/IP kernel extension allows non-privileged local users to cause a denial of service....

Dec 25, 2024
CVE-2024-47102 5.5

A local privilege escalation vulnerability in IBM AIX's perfstat kernel extension allows non-privileged local users to cause a denial of service. This...

Dec 25, 2024
CVE-2024-39725 5.3

This vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights allows remote attackers to obtain sensitive information through de...

Dec 25, 2024
CVE-2024-51464 4.3

This vulnerability allows authenticated IBM i users to bypass interface restrictions in Navigator for i by sending specially crafted requests. Attacke...

Dec 21, 2024
CVE-2024-40695 8.0

IBM Cognos Analytics has a file upload vulnerability that allows attackers to upload malicious executable files through the web interface without prop...

Dec 20, 2024
CVE-2024-51466 9.0

IBM Cognos Analytics is vulnerable to Expression Language (EL) Injection, allowing remote attackers to execute malicious EL statements. This can lead ...

Dec 20, 2024
CVE-2024-28767 6.8

This vulnerability allows remote authenticated attackers to execute arbitrary commands on IBM Security Directory Integrator systems by sending special...

Dec 20, 2024
CVE-2024-51471 5.3

This vulnerability in IBM MQ Appliance web console allows authenticated users to cause denial-of-service when trace functionality is enabled. It occur...

Dec 19, 2024
CVE-2024-52896 6.2

IBM MQ web console versions 9.2-9.4 can leak sensitive technical error information to remote attackers. This information disclosure vulnerability affe...

Dec 19, 2024
CVE-2024-35141 7.8

This vulnerability in IBM Security Verify Access Docker allows local users to escalate privileges due to unnecessary privilege execution. It affects I...

Dec 19, 2024

Why Monitor IBM Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 891+ known vulnerabilities affecting IBM products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable IBM packages in under 60 seconds. No agents required - completely agentless scanning that works across IBM deployments.

Free vulnerability database: Access detailed information about every IBM CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new IBM CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions