Filtered by vendor Ibm
Total: 8250 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-8855 | 3 Ibm, Linux, Microsoft | 5 Aix, Http Server, Z/os and 2 more | 2026-05-26 | N/A | 8.1 HIGH |
| IBM HTTP Server 8.5 and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication). | |||||
| CVE-2026-8856 | 3 Ibm, Linux, Microsoft | 5 Aix, Http Server, Z/os and 2 more | 2026-05-26 | N/A | 7.7 HIGH |
| IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration. | |||||
| CVE-2026-5935 | 1 Ibm | 2 Total Storage Service Console, Ts4500 Imc | 2026-05-18 | N/A | 7.3 HIGH |
| IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input. | |||||
| CVE-2025-36074 | 1 Ibm | 1 Security Verify Directory | 2026-05-13 | N/A | 5.5 MEDIUM |
| IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system. | |||||
| CVE-2026-5926 | 1 Ibm | 4 Security Verify Access, Security Verify Access Container, Verify Identity Access and 1 more | 2026-05-13 | N/A | 6.5 MEDIUM |
| IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2026-3621 | 1 Ibm | 1 Websphere Application Server | 2026-05-13 | N/A | 7.5 HIGH |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured. | |||||
| CVE-2025-36335 | 1 Ibm | 1 Watsonx.data | 2026-05-12 | N/A | 6.2 MEDIUM |
| IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. | |||||
| CVE-2025-36180 | 1 Ibm | 1 Watsonx.data | 2026-05-12 | N/A | 5.3 MEDIUM |
| IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. | |||||
| CVE-2026-1577 | 1 Ibm | 1 Db2 | 2026-05-10 | N/A | 6.5 MEDIUM |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. | |||||
| CVE-2025-13702 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2026-05-10 | N/A | 6.1 MEDIUM |
| IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2026-6389 | 1 Ibm | 1 Turbonomic Prometurbo Agent | 2026-05-05 | N/A | 8.8 HIGH |
| IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise. | |||||
| CVE-2026-2311 | 1 Ibm | 1 I | 2026-05-01 | N/A | 6.4 MEDIUM |
| IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege. | |||||
| CVE-2025-14688 | 1 Ibm | 1 Db2 | 2026-05-01 | N/A | 5.3 MEDIUM |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist. | |||||
| CVE-2025-36122 | 1 Ibm | 1 Db2 | 2026-05-01 | N/A | 6.5 MEDIUM |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources. | |||||
| CVE-2026-1272 | 1 Ibm | 1 Guardium Data Protection | 2026-04-27 | N/A | 2.7 LOW |
| IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Security Misconfiguration vulnerability in the user access control panel. | |||||
| CVE-2026-1274 | 1 Ibm | 1 Guardium Data Protection | 2026-04-27 | N/A | 4.9 MEDIUM |
| IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel. | |||||
| CVE-2026-1352 | 1 Ibm | 1 Db2 | 2026-04-27 | N/A | 6.5 MEDIUM |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. | |||||
| CVE-2026-4917 | 1 Ibm | 1 Guardium Data Protection | 2026-04-27 | N/A | 4.9 MEDIUM |
| IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system. | |||||
| CVE-2026-4918 | 1 Ibm | 1 Guardium Data Protection | 2026-04-27 | N/A | 5.5 MEDIUM |
| IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2026-4919 | 1 Ibm | 1 Guardium Data Protection | 2026-04-27 | N/A | 4.8 MEDIUM |
| IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
