ApplinX
by IBM
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-36419 | 0.00 | — | 0.00 | Jan 20, 2026 | IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system. | |||
| CVE-2025-36418 | 0.00 | — | 0.00 | Jan 20, 2026 | IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges. | |||
| CVE-2025-36411 | 0.00 | — | 0.00 | Jan 20, 2026 | IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||
| CVE-2025-36410 | 0.00 | — | 0.00 | Jan 20, 2026 | IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security. | |||
| CVE-2025-36409 | 0.00 | — | 0.00 | Jan 20, 2026 | IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||
| CVE-2025-36408 | 0.00 | — | 0.00 | Jan 20, 2026 | IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
- CVE-2025-36419Jan 20, 2026risk 0.00cvss —epss 0.00
IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system.
- CVE-2025-36418Jan 20, 2026risk 0.00cvss —epss 0.00
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges.
- CVE-2025-36411Jan 20, 2026risk 0.00cvss —epss 0.00
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
- CVE-2025-36410Jan 20, 2026risk 0.00cvss —epss 0.00
IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security.
- CVE-2025-36409Jan 20, 2026risk 0.00cvss —epss 0.00
IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
- CVE-2025-36408Jan 20, 2026risk 0.00cvss —epss 0.00
IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.