Filtered by vendor Ibm
Subscribe
Total
8131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13734 | 1 Ibm | 1 Engineering Requirements Management Doors Next | 2026-03-04 | N/A | 5.4 MEDIUM |
| IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions. | |||||
| CVE-2025-14604 | 1 Ibm | 1 Storage Scale | 2026-03-04 | N/A | 6.6 MEDIUM |
| IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors. | |||||
| CVE-2025-14923 | 1 Ibm | 1 Websphere Application Server | 2026-03-04 | N/A | 4.7 MEDIUM |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings. | |||||
| CVE-2025-36364 | 1 Ibm | 1 Devops Plan | 2026-03-04 | N/A | 6.2 MEDIUM |
| IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system. | |||||
| CVE-2026-1265 | 1 Ibm | 1 Infosphere Information Server | 2026-03-04 | N/A | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file. | |||||
| CVE-2025-36363 | 1 Ibm | 1 Devops Plan | 2026-03-04 | N/A | 5.9 MEDIUM |
| IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | |||||
| CVE-2025-13616 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-04 | N/A | 6.5 MEDIUM |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system. | |||||
| CVE-2025-13686 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-04 | N/A | 6.3 MEDIUM |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component. | |||||
| CVE-2025-13687 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-04 | N/A | 6.3 MEDIUM |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component. | |||||
| CVE-2025-13688 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-04 | N/A | 6.3 MEDIUM |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component. | |||||
| CVE-2025-13108 | 1 Ibm | 1 Db2 Merge Backup | 2026-02-26 | N/A | 5.5 MEDIUM |
| IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. | |||||
| CVE-2025-33124 | 1 Ibm | 1 Db2 Merge Backup | 2026-02-26 | N/A | 6.5 MEDIUM |
| IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size. | |||||
| CVE-2025-27904 | 1 Ibm | 1 Db2 Recovery Expert | 2026-02-26 | N/A | 6.5 MEDIUM |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2025-27903 | 1 Ibm | 1 Db2 Recovery Expert | 2026-02-26 | N/A | 5.9 MEDIUM |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2025-27900 | 1 Ibm | 1 Db2 Recovery Expert | 2026-02-26 | N/A | 6.8 MEDIUM |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
| CVE-2025-27898 | 1 Ibm | 1 Db2 Recovery Expert | 2026-02-26 | N/A | 6.3 MEDIUM |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system. | |||||
| CVE-2025-27899 | 1 Ibm | 1 Db2 Recovery Expert | 2026-02-26 | N/A | 5.3 MEDIUM |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. | |||||
| CVE-2025-27901 | 1 Ibm | 1 Db2 Recovery Expert | 2026-02-25 | N/A | 6.5 MEDIUM |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | |||||
| CVE-2025-36033 | 1 Ibm | 1 Engineering Lifecycle Management | 2026-02-25 | N/A | 5.4 MEDIUM |
| IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36094 | 1 Ibm | 1 Cloud Pak For Business Automation | 2026-02-25 | N/A | 5.4 MEDIUM |
| IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length. | |||||