Filtered by vendor Ibm
Subscriptions
Total
8116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40685 | 1 Ibm | 1 Operations Analytics - Log Analysis | 2026-02-05 | 4.3 Medium |
| IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions. | ||||
| CVE-2025-13491 | 1 Ibm | 2 App Connect Enterprisecertified Containers Operands, App Connect Operator | 2026-02-05 | 5.1 Medium |
| IBM App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery) and 12.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path. | ||||
| CVE-2025-14150 | 1 Ibm | 1 Webmethods Integration On Prem Integration Server | 2026-02-05 | 6.5 Medium |
| IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses. | ||||
| CVE-2024-39724 | 1 Ibm | 1 Big Sql | 2026-02-05 | 5.3 Medium |
| IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service. | ||||
| CVE-2023-47150 | 2 Ibm, Linux | 4 Aix, Common Cryptographic Architecture, I and 1 more | 2026-02-04 | 7.5 High |
| IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602. | ||||
| CVE-2025-36065 | 1 Ibm | 2 Sterling Connect\, Sterling Connectexpress Adapter For Sterling B2b Integrator 520 | 2026-02-03 | 6.3 Medium |
| IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2025-36066 | 1 Ibm | 2 Sterling Connect\, Sterling Connectexpress Adapter For Sterling B2b Integrator 520 | 2026-02-03 | 6.1 Medium |
| IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36113 | 1 Ibm | 2 Sterling Connect\, Sterling Connectexpress Adapter For Sterling B2b Integrator 520 | 2026-02-03 | 5.4 Medium |
| IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36115 | 1 Ibm | 2 Sterling Connect\, Sterling Connectexpress Adapter For Sterling B2b Integrator 520 | 2026-02-03 | 6.3 Medium |
| IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2026-22791 | 3 Ibm, Linux, Opencryptoki Project | 3 Aix, Linux, Opencryptoki | 2026-02-03 | 6.6 Medium |
| openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key and invoking C_WrapKey. This can lead to heap corruption, or denial-of-service. | ||||
| CVE-2025-13925 | 1 Ibm | 1 Aspera Console | 2026-01-30 | 4.9 Medium |
| IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user. | ||||
| CVE-2025-36410 | 1 Ibm | 1 Applinx | 2026-01-26 | 3.1 Low |
| IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security. | ||||
| CVE-2025-36397 | 1 Ibm | 1 Application Gateway | 2026-01-26 | 5.4 Medium |
| IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
| CVE-2025-36409 | 1 Ibm | 1 Applinx | 2026-01-26 | 5.4 Medium |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36408 | 1 Ibm | 1 Applinx | 2026-01-26 | 6.4 Medium |
| IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36411 | 1 Ibm | 1 Applinx | 2026-01-26 | 3.5 Low |
| IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2025-36396 | 1 Ibm | 1 Application Gateway | 2026-01-26 | 5.4 Medium |
| IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36419 | 1 Ibm | 1 Applinx | 2026-01-26 | 5.3 Medium |
| IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system. | ||||
| CVE-2025-36418 | 1 Ibm | 1 Applinx | 2026-01-26 | 7.3 High |
| IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges. | ||||
| CVE-2025-1719 | 1 Ibm | 1 Concert | 2026-01-26 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. | ||||