Search Results (7909 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-36245 1 Ibm 1 Infosphere Information Server 2025-10-18 8.8 High
IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
CVE-2024-56340 1 Ibm 1 Cognos Analytics 2025-10-17 6.5 Medium
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.
CVE-2025-36244 1 Ibm 2 Aix, Vios 2025-10-17 7.4 High
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.
CVE-2023-49886 1 Ibm 1 Transformation Extender Advanced 2025-10-16 9.8 Critical
IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2025-36128 1 Ibm 1 Mq 2025-10-16 7.5 High
IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2025-36156 1 Ibm 2 Infosphere Data Replication, Infosphere Data Replication Vsam For Z\/os Remote Source 2025-10-16 7.4 High
IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and execute arbitrary code on the system.
CVE-2025-36002 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-10-16 5.5 Medium
IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.
CVE-2025-2529 1 Ibm 1 Terracotta 2025-10-16 2.9 Low
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way.
CVE-2025-33096 3 Ibm, Linux, Microsoft 4 Aix, Engineering Requirements Management Doors Next, Linux Kernel and 1 more 2025-10-16 6.5 Medium
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion.
CVE-2025-2140 3 Ibm, Linux, Microsoft 4 Aix, Engineering Requirements Management Doors Next, Linux Kernel and 1 more 2025-10-16 5.7 Medium
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.
CVE-2025-2139 3 Ibm, Linux, Microsoft 4 Aix, Engineering Requirements Management Doors Next, Linux Kernel and 1 more 2025-10-16 3.5 Low
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security.
CVE-2025-2138 3 Ibm, Linux, Microsoft 4 Aix, Engineering Requirements Management Doors Next, Linux Kernel and 1 more 2025-10-16 3.5 Low
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.
CVE-2023-50301 1 Ibm 1 Transformation Extender Advanced 2025-10-15 1.9 Low
IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.
CVE-2025-36087 1 Ibm 2 Security Verify Access, Security Verify Access Docker 2025-10-15 8.1 High
IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVE-2025-36225 3 Ibm, Linux, Microsoft 3 Aspera Faspex, Linux Kernel, Windows 2025-10-14 4.3 Medium
IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.
CVE-2023-37401 3 Ibm, Linux, Microsoft 3 Aspera Faspex, Linux Kernel, Windows 2025-10-14 5.3 Medium
IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted.
CVE-2025-36171 3 Ibm, Linux, Microsoft 3 Aspera Faspex, Linux Kernel, Windows 2025-10-14 4.9 Medium
IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.
CVE-2025-27906 1 Ibm 1 Content Navigator 2025-10-14 5.3 Medium
IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified.
CVE-2025-1826 1 Ibm 1 Jazz Foundation 2025-10-14 5.4 Medium
IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-36100 1 Ibm 1 Mq 2025-10-09 5.1 Medium
IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0  Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user.