Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 7404 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-39168 1 Ibm 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Robotic Process Automation For Services 2025-05-20 N/A 7.5 HIGH
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.
CVE-2023-35006 1 Ibm 1 Security Qradar Edr 2025-05-19 N/A 5.4 MEDIUM
IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVE-2023-33860 1 Ibm 1 Security Qradar Edr 2025-05-19 N/A 5.3 MEDIUM
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
CVE-2025-1493 1 Ibm 1 Db2 2025-05-16 N/A 5.3 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources.
CVE-2025-2898 1 Ibm 1 Maximo Application Suite 2025-05-16 N/A 7.5 HIGH
IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations.
CVE-2022-38388 1 Ibm 1 Navigator Mobile 2025-05-15 N/A 5.5 MEDIUM
IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.
CVE-2025-0915 1 Ibm 1 Db2 2025-05-13 N/A 5.3 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources.
CVE-2025-1000 1 Ibm 1 Db2 2025-05-13 N/A 5.3 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.
CVE-2024-25016 1 Ibm 2 Mq, Mq Appliance 2025-05-12 N/A 7.5 HIGH
IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.
CVE-2024-56338 1 Ibm 1 Sterling B2b Integrator 2025-05-12 N/A 4.8 MEDIUM
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-1551 1 Ibm 1 Operational Decision Manager 2025-05-12 N/A 6.1 MEDIUM
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2022-43890 1 Ibm 1 Security Verify Privilege On-premises 2025-05-08 N/A 5.3 MEDIUM
IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453.
CVE-2024-25029 1 Ibm 1 Personal Communications 2025-05-07 N/A 9.0 CRITICAL
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.
CVE-2024-25021 1 Ibm 2 Aix, Vios 2025-05-06 N/A 8.4 HIGH
IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320.
CVE-2021-0193 1 Ibm 1 In-band Manageability 2025-05-05 6.5 MEDIUM 7.2 HIGH
Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access.
CVE-2022-42442 2 Ibm, Redhat 2 Robotic Process Automation For Cloud Pak, Openshift Container Platform 2025-05-05 N/A 3.3 LOW
IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214.
CVE-2022-40747 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-05-05 N/A 9.1 CRITICAL
"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584."
CVE-2022-30615 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-05-05 N/A 5.4 MEDIUM
"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592.
CVE-2022-30608 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-05-05 N/A 8.8 HIGH
"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295.
CVE-2022-22442 3 Ibm, Linux, Microsoft 5 Aix, Infosphere Information Server, Infosphere Information Server On Cloud and 2 more 2025-05-05 N/A 6.5 MEDIUM
"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427."