Filtered by vendor Ibm
Subscribe
Total
7776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35114 | 1 Ibm | 1 Control Center | 2025-03-04 | N/A | 5.3 MEDIUM |
| IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. | |||||
| CVE-2023-25681 | 1 Ibm | 1 Spectrum Virtualize | 2025-03-04 | N/A | 6.5 MEDIUM |
| LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033. | |||||
| CVE-2024-25026 | 1 Ibm | 1 Websphere Application Server | 2025-02-27 | N/A | 7.5 HIGH |
| IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516. | |||||
| CVE-2023-27875 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2025-02-26 | N/A | 7.5 HIGH |
| IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847. | |||||
| CVE-2023-27871 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-02-25 | N/A | 7.5 HIGH |
| IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613. | |||||
| CVE-2024-49336 | 1 Ibm | 1 Security Guardium | 2025-02-25 | N/A | 5.4 MEDIUM |
| IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2024-27277 | 1 Ibm | 1 Storage Protect Plus | 2025-02-14 | N/A | 5.5 MEDIUM |
| The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205. | |||||
| CVE-2023-38372 | 1 Ibm | 1 Watson Iot Platform | 2025-02-14 | N/A | 7.5 HIGH |
| An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201. | |||||
| CVE-2023-30445 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-02-13 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357. | |||||
| CVE-2023-30449 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-02-13 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439. | |||||
| CVE-2023-30448 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-02-13 | N/A | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437. | |||||
| CVE-2024-49796 | 1 Ibm | 1 Applinx | 2025-02-13 | N/A | N/A |
| IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | |||||
| CVE-2020-4427 | 1 Ibm | 1 Data Risk Manager | 2025-02-12 | 9.0 HIGH | 9.8 CRITICAL |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532. | |||||
| CVE-2020-4430 | 1 Ibm | 1 Data Risk Manager | 2025-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. | |||||
| CVE-2020-4428 | 1 Ibm | 1 Data Risk Manager | 2025-02-12 | 9.0 HIGH | 9.1 CRITICAL |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. | |||||
| CVE-2013-3993 | 1 Ibm | 1 Infosphere Biginsights | 2025-02-12 | 3.5 LOW | 6.5 MEDIUM |
| IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. | |||||
| CVE-2015-7450 | 1 Ibm | 7 Sterling B2b Integrator, Sterling Integrator, Tivoli Common Reporting and 4 more | 2025-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. | |||||
| CVE-2024-49798 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 4.3 MEDIUM |
| IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2024-49797 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 5.9 MEDIUM |
| IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2024-49794 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 4.3 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||