Filtered by vendor Ibm
Subscriptions
Total
7537 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47714 | 1 Ibm | 1 Sterling File Gateway | 2025-03-07 | 4.8 Medium |
| IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531. | ||||
| CVE-2023-50307 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-07 | 5.4 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273338. | ||||
| CVE-2025-0159 | 1 Ibm | 1 Storage Virtualize | 2025-03-07 | 9.1 Critical |
| IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. | ||||
| CVE-2024-38316 | 1 Ibm | 1 Aspera Shares | 2025-03-06 | 4.3 Medium |
| IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. | ||||
| CVE-2024-56473 | 1 Ibm | 1 Aspera Shares | 2025-03-06 | 5.3 Medium |
| IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers. | ||||
| CVE-2022-40752 | 3 Ibm, Linux, Microsoft | 5 Aix, Infosphere Information Server, Infosphere Information Server On Cloud and 2 more | 2025-03-06 | 9.8 Critical |
| IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687. | ||||
| CVE-2022-43902 | 1 Ibm | 1 Mq Appliance | 2025-03-06 | 6.5 Medium |
| IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832. | ||||
| CVE-2020-5001 | 1 Ibm | 1 Financial Transaction Manager | 2025-03-06 | 4.3 Medium |
| IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953. | ||||
| CVE-2020-5002 | 1 Ibm | 1 Financial Transaction Manager | 2025-03-06 | 4.3 Medium |
| IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954. | ||||
| CVE-2021-20553 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-06 | 5.4 Medium |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-51476 | 1 Ibm | 1 Concert | 2025-03-06 | 7.5 High |
| IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | ||||
| CVE-2023-26281 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Http Server and 4 more | 2025-03-06 | 5.9 Medium |
| IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296. | ||||
| CVE-2024-49807 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-06 | 6.4 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-0975 | 1 Ibm | 1 Mq | 2025-03-06 | 8.8 High |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters. | ||||
| CVE-2020-5026 | 1 Ibm | 1 Financial Transaction Manager | 2025-03-05 | 4.3 Medium |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662. | ||||
| CVE-2023-50961 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-03-05 | 4.8 Medium |
| IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275939. | ||||
| CVE-2024-27270 | 1 Ibm | 1 Websphere Application Server | 2025-03-05 | 4.7 Medium |
| IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576. | ||||
| CVE-2024-28784 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-03-05 | 5.4 Medium |
| IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893. | ||||
| CVE-2022-35645 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2025-03-05 | 6.4 Medium |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958. | ||||
| CVE-2023-24975 | 1 Ibm | 1 Spectrum Symphony | 2025-03-05 | 5.4 Medium |
| IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030. | ||||