Filtered by vendor Ibm
Subscribe
Total
8148 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64647 | 1 Ibm | 1 Concert | 2026-03-26 | N/A | 5.9 MEDIUM |
| IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information | |||||
| CVE-2025-64648 | 1 Ibm | 1 Concert | 2026-03-26 | N/A | 5.9 MEDIUM |
| IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2026-1276 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2026-03-24 | N/A | 5.4 MEDIUM |
| IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36051 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2026-03-24 | N/A | 6.2 MEDIUM |
| IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user. | |||||
| CVE-2025-15051 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2026-03-23 | N/A | 5.4 MEDIUM |
| IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality. | |||||
| CVE-2025-13995 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2026-03-23 | N/A | 5.0 MEDIUM |
| IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account. | |||||
| CVE-2025-14483 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-20 | N/A | 4.3 MEDIUM |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system. | |||||
| CVE-2025-14504 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-20 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2026-0835 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-20 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36368 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-20 | N/A | 6.5 MEDIUM |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | |||||
| CVE-2023-40693 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-20 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-14806 | 2 Ibm, Microsoft | 2 Planning Analytics Local, Windows | 2026-03-19 | N/A | 5.7 MEDIUM |
| IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources. | |||||
| CVE-2026-1267 | 2 Ibm, Microsoft | 2 Planning Analytics Local, Windows | 2026-03-19 | N/A | 6.5 MEDIUM |
| IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls. | |||||
| CVE-2026-1376 | 1 Ibm | 1 I | 2026-03-19 | N/A | 7.5 HIGH |
| IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources. | |||||
| CVE-2026-3856 | 1 Ibm | 1 Db2 Recovery Expert | 2026-03-19 | N/A | 5.3 MEDIUM |
| IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission. | |||||
| CVE-2026-1264 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-19 | N/A | 7.1 HIGH |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities. | |||||
| CVE-2025-14031 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-19 | N/A | 7.5 HIGH |
| IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash. | |||||
| CVE-2025-13726 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2026-03-18 | N/A | 5.3 MEDIUM |
| IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system. | |||||
| CVE-2025-13702 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2026-03-18 | N/A | 6.1 MEDIUM |
| IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-13718 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2026-03-18 | N/A | 3.7 LOW |
| IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. | |||||