Filtered by vendor Ibm
Subscriptions
Total
8130 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36143 | 1 Ibm | 1 Watsonx.data | 2025-09-25 | 4.7 Medium |
| IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. | ||||
| CVE-2025-36082 | 1 Ibm | 2 Openpages, Openpages With Watson | 2025-09-24 | 4 Medium |
| IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system. | ||||
| CVE-2025-33008 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-09-18 | 5.4 Medium |
| IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-45669 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2025-09-17 | 6.5 Medium |
| IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a remote user to cause a denial of service due to improper handling of special characters that could lead to uncontrolled resource consumption. | ||||
| CVE-2024-45671 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2025-09-17 | 5.9 Medium |
| IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2025-2988 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-09-17 | 2.7 Low |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system. | ||||
| CVE-2025-1761 | 1 Ibm | 1 Concert | 2025-09-17 | 5.9 Medium |
| IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. | ||||
| CVE-2025-36003 | 1 Ibm | 1 Security Verify Governance | 2025-09-16 | 7.5 High |
| IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system. | ||||
| CVE-2023-35006 | 1 Ibm | 1 Security Qradar Edr | 2025-09-15 | 5.4 Medium |
| IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
| CVE-2025-36042 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-09-15 | 5.4 Medium |
| IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-2667 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-09-10 | 2.7 Low |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system. | ||||
| CVE-2025-2694 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-09-10 | 4.8 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-1139 | 1 Ibm | 1 Edge Application Manager | 2025-09-03 | 6.1 Medium |
| IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment. | ||||
| CVE-2025-1142 | 1 Ibm | 1 Edge Application Manager | 2025-09-03 | 5.4 Medium |
| IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-0656 | 1 Ibm | 1 Concert | 2025-09-03 | 6.1 Medium |
| IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-33082 | 1 Ibm | 1 Concert | 2025-09-03 | 5.4 Medium |
| IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-33083 | 1 Ibm | 1 Concert | 2025-09-03 | 5.4 Medium |
| IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-33084 | 1 Ibm | 1 Concert | 2025-09-03 | 5.9 Medium |
| IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-33099 | 1 Ibm | 1 Concert | 2025-09-03 | 5.9 Medium |
| IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation. | ||||
| CVE-2025-33102 | 1 Ibm | 1 Concert | 2025-09-03 | 5.9 Medium |
| IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||