Filtered by vendor Ibm
Total: 8148 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13723 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2026-03-18 | N/A | 5.3 MEDIUM |
| IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token. | |||||
| CVE-2025-13460 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2026-03-17 | N/A | 5.3 MEDIUM |
| IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy. | |||||
| CVE-2025-13459 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2026-03-17 | N/A | 2.7 LOW |
| IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow. | |||||
| CVE-2025-13212 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2026-03-17 | N/A | 5.3 MEDIUM |
| IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency. | |||||
| CVE-2025-13219 | 2 Ibm, Linux | 2 Aspera Orchestrator, Linux Kernel | 2026-03-12 | N/A | 5.9 MEDIUM |
| IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. | |||||
| CVE-2025-36226 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2026-03-12 | N/A | 5.4 MEDIUM |
| IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36227 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2026-03-12 | N/A | 5.4 MEDIUM |
| IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | |||||
| CVE-2025-13213 | 2 Ibm, Linux | 2 Aspera Orchestrator, Linux Kernel | 2026-03-12 | N/A | 5.4 MEDIUM |
| IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | |||||
| CVE-2026-1567 | 1 Ibm | 1 Infosphere Information Server | 2026-03-05 | N/A | 7.1 HIGH |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an XML External Entity (XXE) vulnerability that could allow attackers to retrieve sensitive information from the server. | |||||
| CVE-2025-14480 | 1 Ibm | 1 Aspera Faspio Gateway | 2026-03-05 | N/A | 5.1 MEDIUM |
| IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2026-1713 | 1 Ibm | 1 Mq | 2026-03-05 | N/A | 5.0 MEDIUM |
| IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD | |||||
| CVE-2025-14456 | 1 Ibm | 1 Mq Appliance | 2026-03-05 | N/A | 5.9 MEDIUM |
| IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1 | |||||
| CVE-2026-2606 | 1 Ibm | 1 Webmethods Api Gateway | 2026-03-05 | N/A | 6.5 MEDIUM |
| IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix32, 10.15 to 10.15_Fix27, and 11.1 to 11.1_Fix7: IBM webMethods API Management (on-prem) fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI scheme instead of the expected https:// scheme, enabling unauthorized arbitrary file read access on the underlying server file system. | |||||
| CVE-2025-13490 | 1 Ibm | 2 App Connect Enterprise Certified Containers Operands, App Connect Operator | 2026-03-04 | N/A | 5.9 MEDIUM |
| IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques. | |||||
| CVE-2025-13734 | 1 Ibm | 1 Engineering Requirements Management Doors Next | 2026-03-04 | N/A | 5.4 MEDIUM |
| IBM Engineering Requirements Management DOORS Next 7.1 and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions. | |||||
| CVE-2025-14604 | 1 Ibm | 1 Storage Scale | 2026-03-04 | N/A | 6.6 MEDIUM |
| IBM Storage Scale 5.2.3.0 - 5.2.3.5 and IBM Storage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors. | |||||
| CVE-2025-14923 | 1 Ibm | 1 Websphere Application Server | 2026-03-04 | N/A | 4.7 MEDIUM |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 could provide weaker than expected security when using the Security Utility when administering security settings. | |||||
| CVE-2025-36364 | 1 Ibm | 1 Devops Plan | 2026-03-04 | N/A | 6.2 MEDIUM |
| IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system. | |||||
| CVE-2026-1265 | 1 Ibm | 1 Infosphere Information Server | 2026-03-04 | N/A | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive information in a log file. | |||||
| CVE-2025-36363 | 1 Ibm | 1 Devops Plan | 2026-03-04 | N/A | 5.9 MEDIUM |
| IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | |||||
