Filtered by vendor Ibm
Subscriptions
Total
7537 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54173 | 1 Ibm | 1 Mq | 2025-02-28 | 4.7 Medium |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled. | ||||
| CVE-2025-23225 | 1 Ibm | 1 Mq | 2025-02-28 | 6.5 Medium |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. | ||||
| CVE-2025-0823 | 1 Ibm | 1 Cognos Analytics | 2025-02-28 | 6.5 Medium |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2024-56340 | 1 Ibm | 1 Cognos Analytics | 2025-02-28 | 6.5 Medium |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter. | ||||
| CVE-2024-22360 | 1 Ibm | 1 Db2 | 2025-02-27 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905. | ||||
| CVE-2024-27268 | 1 Ibm | 1 Websphere Application Server | 2025-02-27 | 5.9 Medium |
| IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574. | ||||
| CVE-2024-25026 | 1 Ibm | 1 Websphere Application Server | 2025-02-27 | 5.9 Medium |
| IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516. | ||||
| CVE-2024-56812 | 1 Ibm | 1 Entirex | 2025-02-27 | 3.3 Low |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||
| CVE-2024-56494 | 1 Ibm | 1 Entirex | 2025-02-27 | 3.3 Low |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||
| CVE-2024-56493 | 1 Ibm | 1 Entirex | 2025-02-27 | 3.3 Low |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||
| CVE-2024-56811 | 1 Ibm | 1 Entirex | 2025-02-27 | 3.3 Low |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||
| CVE-2024-56495 | 1 Ibm | 1 Entirex | 2025-02-27 | 3.3 Low |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||
| CVE-2025-0759 | 1 Ibm | 1 Entirex | 2025-02-27 | 3.3 Low |
| IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due to improper shared resource synchronization. | ||||
| CVE-2024-56810 | 1 Ibm | 1 Entirex | 2025-02-27 | 3.3 Low |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||
| CVE-2024-56496 | 1 Ibm | 1 Entirex | 2025-02-27 | 3.3 Low |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||
| CVE-2024-54170 | 1 Ibm | 1 Entirex | 2025-02-27 | 5.5 Medium |
| IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles. | ||||
| CVE-2024-54169 | 1 Ibm | 1 Entirex | 2025-02-27 | 6.5 Medium |
| IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2022-43874 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2025-02-26 | 6.1 Medium |
| IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963. | ||||
| CVE-2023-26284 | 1 Ibm | 1 Mq Certified Container | 2025-02-26 | 7.5 High |
| IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417. | ||||
| CVE-2020-4927 | 1 Ibm | 1 Spectrum Scale | 2025-02-26 | 5.7 Medium |
| A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695. | ||||