Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 7768 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-47120 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2025-09-18 N/A 6.4 MEDIUM
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with unnecessary privileges.
CVE-2025-33008 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-09-18 N/A 5.4 MEDIUM
IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-45669 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2025-09-17 N/A 6.5 MEDIUM
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a remote user to cause a denial of service due to improper handling of special characters that could lead to uncontrolled resource consumption.
CVE-2024-45671 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2025-09-17 N/A 5.9 MEDIUM
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2025-2988 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-09-17 N/A 2.7 LOW
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.
CVE-2025-1761 1 Ibm 1 Concert 2025-09-17 N/A 5.9 MEDIUM
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
CVE-2025-36003 1 Ibm 1 Security Verify Governance 2025-09-16 N/A 7.5 HIGH
IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.
CVE-2023-35006 1 Ibm 1 Security Qradar Edr 2025-09-15 N/A 5.4 MEDIUM
IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVE-2025-33120 1 Ibm 2 Qradar Incident Forensics, Qradar Security Information And Event Manager 2025-09-15 N/A 7.8 HIGH
IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges.
CVE-2025-36042 1 Ibm 2 Qradar Incident Forensics, Qradar Security Information And Event Manager 2025-09-15 N/A 5.4 MEDIUM
IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-2667 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-09-10 N/A 2.7 LOW
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system.
CVE-2025-2694 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-09-10 N/A 4.8 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-22341 1 Ibm 1 Watson Query With Cloud Pak For Data 2025-09-05 N/A 5.3 MEDIUM
IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.
CVE-2025-1139 1 Ibm 1 Edge Application Manager 2025-09-03 N/A 6.1 MEDIUM
IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment.
CVE-2025-1142 1 Ibm 1 Edge Application Manager 2025-09-03 N/A 5.4 MEDIUM
IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2025-0656 1 Ibm 1 Concert 2025-09-03 N/A 6.1 MEDIUM
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-33082 1 Ibm 1 Concert 2025-09-03 N/A 5.4 MEDIUM
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-33083 1 Ibm 1 Concert 2025-09-03 N/A 5.4 MEDIUM
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-33084 1 Ibm 1 Concert 2025-09-03 N/A 5.9 MEDIUM
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVE-2025-33099 1 Ibm 1 Concert 2025-09-03 N/A 5.9 MEDIUM
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation.