Filtered by vendor Ibm
Subscriptions
Total
8116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45675 | 1 Ibm | 1 Informix Dynamic Server | 2026-02-26 | 8.4 High |
| IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password. | ||||
| CVE-2025-36007 | 1 Ibm | 3 Qradar Security Information And Event Manager, Qradar Siem, Qradar Suite | 2026-02-26 | 7.8 High |
| IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update script. | ||||
| CVE-2025-36251 | 1 Ibm | 2 Aix, Vios | 2026-02-26 | 9.6 Critical |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347. | ||||
| CVE-2025-36096 | 1 Ibm | 2 Aix, Vios | 2026-02-26 | 9 Critical |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques. | ||||
| CVE-2025-36250 | 1 Ibm | 2 Aix, Vios | 2026-02-26 | 10 Critical |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346. | ||||
| CVE-2025-36357 | 1 Ibm | 2 Planning Analytics Local, Planning Analytics Workspace | 2026-02-26 | 8 High |
| IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system. | ||||
| CVE-2025-36137 | 1 Ibm | 1 Sterling Connect\ | 2026-02-26 | 7.2 High |
| IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts. | ||||
| CVE-2025-33003 | 1 Ibm | 1 Infosphere Information Server | 2026-02-26 | 7.8 High |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges. | ||||
| CVE-2025-27898 | 1 Ibm | 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw | 2026-02-26 | 6.3 Medium |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2025-27899 | 1 Ibm | 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw | 2026-02-26 | 5.3 Medium |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. | ||||
| CVE-2025-12771 | 1 Ibm | 1 Concert | 2026-02-26 | 7.8 High |
| IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system. | ||||
| CVE-2025-13915 | 1 Ibm | 1 Api Connect | 2026-02-26 | 9.8 Critical |
| IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. | ||||
| CVE-2025-64645 | 1 Ibm | 1 Concert | 2026-02-26 | 7.7 High |
| IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link. | ||||
| CVE-2025-36384 | 1 Ibm | 1 Db2 | 2026-02-26 | 8.4 High |
| IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element. | ||||
| CVE-2025-36365 | 1 Ibm | 1 Db2 | 2026-02-26 | 6.8 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key. | ||||
| CVE-2025-36184 | 1 Ibm | 1 Db2 | 2026-02-26 | 7.2 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level. | ||||
| CVE-2025-14914 | 1 Ibm | 1 Websphere Application Server | 2026-02-26 | 7.6 High |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution. | ||||
| CVE-2025-13379 | 1 Ibm | 1 Aspera Console | 2026-02-26 | 8.6 High |
| IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | ||||
| CVE-2025-14115 | 1 Ibm | 1 Sterling Connectdirect For Unix Container | 2026-02-26 | 8.4 High |
| IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||
| CVE-2025-33015 | 1 Ibm | 1 Concert | 2026-02-26 | 8.8 High |
| IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. | ||||