Filtered by vendor Ibm
Subscriptions
Total
8060 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1719 | 1 Ibm | 1 Concert | 2026-01-26 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. | ||||
| CVE-2025-14115 | 1 Ibm | 1 Sterling Connectdirect For Unix Container | 2026-01-26 | 8.4 High |
| IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||
| CVE-2025-1722 | 1 Ibm | 1 Concert | 2026-01-26 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. | ||||
| CVE-2025-36058 | 1 Ibm | 1 Business Automation Workflow Containers | 2026-01-26 | 5.5 Medium |
| IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration information in a config map. | ||||
| CVE-2025-64645 | 1 Ibm | 1 Concert | 2026-01-20 | 7.7 High |
| IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link. | ||||
| CVE-2025-36192 | 1 Ibm | 3 Ds8900f Firmware, Ds8a00, Ds8a00 Firmware | 2026-01-14 | 6.7 Medium |
| IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45.0 and IBM DS8900F ( R9.4) 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS Logical corruption protection mechanisms. | ||||
| CVE-2025-14687 | 1 Ibm | 2 Db2, Db2 Intelligence Center | 2026-01-14 | 4.3 Medium |
| IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms. | ||||
| CVE-2025-36437 | 1 Ibm | 1 Planning Analytics Local | 2026-01-14 | 4.3 Medium |
| IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system. | ||||
| CVE-2025-2529 | 1 Ibm | 1 Terracotta | 2026-01-14 | 2.9 Low |
| Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way. | ||||
| CVE-2019-4716 | 1 Ibm | 1 Planning Analytics | 2026-01-14 | 9.8 Critical |
| IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. | ||||
| CVE-2020-4430 | 1 Ibm | 1 Data Risk Manager | 2026-01-14 | 4.3 Medium |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. | ||||
| CVE-2026-22791 | 3 Ibm, Linux, Opencryptoki Project | 3 Aix, Linux, Opencryptoki | 2026-01-14 | 6.6 Medium |
| openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key and invoking C_WrapKey. This can lead to heap corruption, or denial-of-service. | ||||
| CVE-2024-43184 | 1 Ibm | 1 Jazz Foundation | 2026-01-09 | 6.1 Medium |
| IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-25048 | 1 Ibm | 1 Jazz Foundation | 2026-01-09 | 6.5 Medium |
| IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory. | ||||
| CVE-2025-13915 | 1 Ibm | 1 Api Connect | 2026-01-06 | 9.8 Critical |
| IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. | ||||
| CVE-2025-36154 | 1 Ibm | 1 Concert | 2025-12-30 | 6.2 Medium |
| IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user. | ||||
| CVE-2025-12771 | 1 Ibm | 1 Concert | 2025-12-30 | 7.8 High |
| IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system. | ||||
| CVE-2025-1721 | 1 Ibm | 1 Concert | 2025-12-29 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. | ||||
| CVE-2025-36228 | 1 Ibm | 2 Aspera Faspex, Aspera Faspex 5 | 2025-12-29 | 3.8 Low |
| IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse. | ||||
| CVE-2025-36229 | 1 Ibm | 2 Aspera Faspex, Aspera Faspex 5 | 2025-12-29 | 3.1 Low |
| IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers. | ||||