Filtered by vendor Ibm
Subscribe
Total
8148 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13616 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-04 | N/A | 6.5 MEDIUM |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system. | |||||
| CVE-2025-13686 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-04 | N/A | 6.3 MEDIUM |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component. | |||||
| CVE-2025-13687 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-04 | N/A | 6.3 MEDIUM |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component. | |||||
| CVE-2025-13688 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-04 | N/A | 6.3 MEDIUM |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component. | |||||
| CVE-2025-13108 | 1 Ibm | 1 Db2 Merge Backup | 2026-02-26 | N/A | 5.5 MEDIUM |
| IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. | |||||
| CVE-2025-33124 | 1 Ibm | 1 Db2 Merge Backup | 2026-02-26 | N/A | 6.5 MEDIUM |
| IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size. | |||||
| CVE-2025-27904 | 1 Ibm | 1 Db2 Recovery Expert | 2026-02-26 | N/A | 6.5 MEDIUM |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2025-27903 | 1 Ibm | 1 Db2 Recovery Expert | 2026-02-26 | N/A | 5.9 MEDIUM |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2025-27900 | 1 Ibm | 1 Db2 Recovery Expert | 2026-02-26 | N/A | 6.8 MEDIUM |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
| CVE-2025-27898 | 1 Ibm | 1 Db2 Recovery Expert | 2026-02-26 | N/A | 6.3 MEDIUM |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system. | |||||
| CVE-2025-27899 | 1 Ibm | 1 Db2 Recovery Expert | 2026-02-26 | N/A | 5.3 MEDIUM |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. | |||||
| CVE-2025-27901 | 1 Ibm | 1 Db2 Recovery Expert | 2026-02-25 | N/A | 6.5 MEDIUM |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | |||||
| CVE-2025-36033 | 1 Ibm | 1 Engineering Lifecycle Management | 2026-02-25 | N/A | 5.4 MEDIUM |
| IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36094 | 1 Ibm | 1 Cloud Pak For Business Automation | 2026-02-25 | N/A | 5.4 MEDIUM |
| IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length. | |||||
| CVE-2022-41296 | 1 Ibm | 2 Db2, Db2 Warehouse | 2026-02-25 | N/A | 6.5 MEDIUM |
| IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210. | |||||
| CVE-2023-38010 | 1 Ibm | 2 Cloud Pak System, Os Image For Red Hat Linux Systems | 2026-02-25 | N/A | 5.3 MEDIUM |
| IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system. | |||||
| CVE-2023-38017 | 1 Ibm | 2 Cloud Pak System, Os Image For Red Hat Linux Systems | 2026-02-25 | N/A | 5.3 MEDIUM |
| IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2023-38281 | 1 Ibm | 2 Cloud Pak System, Os Image For Red Hat Linux Systems | 2026-02-25 | N/A | 5.3 MEDIUM |
| IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | |||||
| CVE-2025-27550 | 1 Ibm | 1 Jazz Reporting Service | 2026-02-23 | N/A | 3.5 LOW |
| IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server. | |||||
| CVE-2025-2134 | 1 Ibm | 1 Jazz Reporting Service | 2026-02-23 | N/A | 3.5 LOW |
| IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling. | |||||