Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 7756 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-1139 1 Ibm 1 Edge Application Manager 2025-09-03 N/A 6.1 MEDIUM
IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment.
CVE-2025-1142 1 Ibm 1 Edge Application Manager 2025-09-03 N/A 5.4 MEDIUM
IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2025-0656 1 Ibm 1 Concert 2025-09-03 N/A 6.1 MEDIUM
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-33082 1 Ibm 1 Concert 2025-09-03 N/A 5.4 MEDIUM
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-33083 1 Ibm 1 Concert 2025-09-03 N/A 5.4 MEDIUM
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-33084 1 Ibm 1 Concert 2025-09-03 N/A 5.9 MEDIUM
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVE-2025-33099 1 Ibm 1 Concert 2025-09-03 N/A 5.9 MEDIUM
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation.
CVE-2025-33102 1 Ibm 1 Concert 2025-09-03 N/A 5.9 MEDIUM
IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2025-1494 1 Ibm 1 Cognos Command Center 2025-09-02 N/A 6.1 MEDIUM
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVE-2025-1994 1 Ibm 1 Cognos Command Center 2025-09-02 N/A 7.8 HIGH
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function.
CVE-2025-2697 1 Ibm 1 Cognos Command Center 2025-09-02 N/A 7.4 HIGH
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
CVE-2024-54175 1 Ibm 1 Mq 2025-08-27 N/A 5.5 MEDIUM
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions.
CVE-2024-45673 3 Ibm, Linux, Microsoft 5 Security Verify Bridge Directory Sync, Security Verify Gateway For Radius, Security Verify Gateway For Windows Login and 2 more 2025-08-27 N/A 5.5 MEDIUM
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user.
CVE-2024-43176 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-08-27 N/A 5.4 MEDIUM
IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.
CVE-2024-31914 3 Ibm, Linux, Microsoft 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more 2025-08-27 N/A 6.4 MEDIUM
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-1403 1 Ibm 1 Qiskit 2025-08-26 N/A 8.6 HIGH
Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library.
CVE-2025-0985 1 Ibm 1 Mq 2025-08-26 N/A 5.5 MEDIUM
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user.
CVE-2025-36014 1 Ibm 2 Integration Bus, Z\/os 2025-08-25 N/A 8.2 HIGH
IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.
CVE-2025-36041 1 Ibm 2 Mq Operator, Supplied Mq Advanced Container Images 2025-08-22 N/A 4.7 MEDIUM
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.
CVE-2025-33013 1 Ibm 2 Mq Operator, Supplied Mq Advanced Container Images 2025-08-22 N/A 6.2 MEDIUM
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.