Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ibm Subscribe
Total 6536 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1921 1 Ibm 1 Campaign 2023-03-01 3.5 LOW 5.4 MEDIUM
IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152857.
CVE-2019-4193 3 Ibm, Linux, Microsoft 4 Aix, Jazz For Service Management, Linux Kernel and 1 more 2023-03-01 5.0 MEDIUM 7.5 HIGH
IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-force ID: 159032.
CVE-2018-1968 1 Ibm 1 Security Identity Manager Virtual Appliance 2023-03-01 5.0 MEDIUM 5.3 MEDIUM
IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153749.
CVE-2022-43579 3 Ibm, Linux, Microsoft 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more 2023-02-28 N/A 5.4 MEDIUM
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684.
CVE-2020-5000 1 Ibm 1 Financial Transaction Manager 2023-02-28 3.5 LOW 5.4 MEDIUM
IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952.
CVE-2023-24960 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2023-02-28 N/A 7.5 HIGH
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333
CVE-2022-47986 3 Ibm, Linux, Microsoft 3 Aspera Faspex, Linux Kernel, Windows 2023-02-28 N/A 9.8 CRITICAL
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
CVE-2023-22868 3 Ibm, Linux, Microsoft 3 Aspera Faspex, Linux Kernel, Windows 2023-02-28 N/A 5.4 MEDIUM
IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117.
CVE-2023-24964 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2023-02-24 N/A 5.5 MEDIUM
IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463.
CVE-2022-43927 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2023-02-24 N/A 7.5 HIGH
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.
CVE-2022-43929 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2023-02-24 N/A 7.5 HIGH
IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.
CVE-2022-36775 1 Ibm 2 Security Verify Access, Security Verify Access Docker 2023-02-24 N/A 6.5 MEDIUM
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576.
CVE-2018-1636 1 Ibm 1 Informix Dynamic Server 2023-02-23 7.2 HIGH 6.7 MEDIUM
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.
CVE-2018-1635 1 Ibm 1 Informix Dynamic Server 2023-02-23 7.2 HIGH 6.7 MEDIUM
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.
CVE-2019-4253 1 Ibm 1 Informix Dynamic Server 2023-02-23 7.2 HIGH 7.8 HIGH
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941.
CVE-2018-1796 1 Ibm 1 Informix Dynamic Server 2023-02-23 7.2 HIGH 7.8 HIGH
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.
CVE-2018-1634 1 Ibm 1 Informix Dynamic Server 2023-02-23 7.2 HIGH 6.7 MEDIUM
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.
CVE-2018-1633 1 Ibm 1 Informix Dynamic Server 2023-02-23 7.2 HIGH 6.7 MEDIUM
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.
CVE-2018-1632 1 Ibm 1 Informix Dynamic Server 2023-02-23 7.2 HIGH 6.7 MEDIUM
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.
CVE-2018-1631 1 Ibm 1 Informix Dynamic Server 2023-02-23 7.2 HIGH 6.7 MEDIUM
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431.