Filtered by vendor Ibm
Total: 8129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-36438 | 1 Ibm | 1 Concert | 2026-03-26 | N/A | 5.1 MEDIUM |
| IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints. | |||||
| CVE-2026-2485 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2026-03-26 | N/A | 4.8 MEDIUM |
| IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36440 | 1 Ibm | 1 Concert | 2026-03-26 | N/A | 5.1 MEDIUM |
| IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control. | |||||
| CVE-2025-64646 | 1 Ibm | 1 Concert | 2026-03-26 | N/A | 6.2 MEDIUM |
| IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. | |||||
| CVE-2025-64647 | 1 Ibm | 1 Concert | 2026-03-26 | N/A | 5.9 MEDIUM |
| IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2025-64648 | 1 Ibm | 1 Concert | 2026-03-26 | N/A | 5.9 MEDIUM |
| IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man-in-the-middle techniques. | |||||
| CVE-2026-1276 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2026-03-24 | N/A | 5.4 MEDIUM |
| IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36051 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2026-03-24 | N/A | 6.2 MEDIUM |
| IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user. | |||||
| CVE-2025-15051 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2026-03-23 | N/A | 5.4 MEDIUM |
| IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality. | |||||
| CVE-2025-13995 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2026-03-23 | N/A | 5.0 MEDIUM |
| IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account. | |||||
| CVE-2025-14483 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-20 | N/A | 4.3 MEDIUM |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system. | |||||
| CVE-2025-14504 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-20 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2026-0835 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-20 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36368 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-20 | N/A | 6.5 MEDIUM |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | |||||
| CVE-2023-40693 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-20 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-14806 | 2 Ibm, Microsoft | 2 Planning Analytics Local, Windows | 2026-03-19 | N/A | 5.7 MEDIUM |
| IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources. | |||||
| CVE-2026-1267 | 2 Ibm, Microsoft | 2 Planning Analytics Local, Windows | 2026-03-19 | N/A | 6.5 MEDIUM |
| IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls. | |||||
| CVE-2026-1376 | 1 Ibm | 1 I | 2026-03-19 | N/A | 7.5 HIGH |
| IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources. | |||||
| CVE-2026-3856 | 1 Ibm | 1 Db2 Recovery Expert | 2026-03-19 | N/A | 5.3 MEDIUM |
| IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission. | |||||
| CVE-2026-1264 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-19 | N/A | 7.1 HIGH |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allow a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities. | |||||
