IBM

All CVEs

8,259 total · sorted by risk
  • CVE-2025-0159 · Feb 28, 2025
    risk 0.00 · cvss · epss 0.01

    IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a…

  • CVE-2025-0985 · Feb 28, 2025
    risk 0.00 · cvss · epss 0.00

    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user.

  • CVE-2024-54175 · Feb 28, 2025
    risk 0.00 · cvss · epss 0.00

    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions.

  • CVE-2025-0823 · Feb 28, 2025
    risk 0.00 · cvss · epss 0.01

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

  • CVE-2025-23225 · Feb 28, 2025
    risk 0.00 · cvss · epss 0.00

    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.

  • CVE-2024-54173 · Feb 28, 2025
    risk 0.00 · cvss · epss 0.00

    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.

  • CVE-2025-0975 · Feb 28, 2025
    risk 0.00 · cvss · epss 0.01

    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.

  • CVE-2024-54170 · Feb 27, 2025
    risk 0.00 · cvss · epss 0.00

    IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles.

  • CVE-2024-54169 · Feb 27, 2025
    risk 0.00 · cvss · epss 0.00

    IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

  • CVE-2025-0759 · Feb 27, 2025
    risk 0.00 · cvss · epss 0.00

    IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due to improper shared resource synchronization.

  • CVE-2024-56810 · Feb 27, 2025
    risk 0.00 · cvss · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-56496 · Feb 27, 2025
    risk 0.00 · cvss · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-56495 · Feb 27, 2025
    risk 0.00 · cvss · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-56811 · Feb 27, 2025
    risk 0.00 · cvss · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-56493 · Feb 27, 2025
    risk 0.00 · cvss · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-56494 · Feb 27, 2025
    risk 0.00 · cvss · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-56812 · Feb 27, 2025
    risk 0.00 · cvss · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2025-0719 · Feb 26, 2025
    risk 0.00 · cvss · epss 0.00

    IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2024-55898 · Feb 24, 2025
    risk 0.00 · cvss · epss 0.00

    IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.

  • CVE-2024-22341 · Feb 22, 2025
    risk 0.00 · cvss · epss 0.00

    IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.

  • CVE-2024-45674 · Feb 21, 2025
    risk 0.00 · cvss · epss 0.00

    IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a…

  • CVE-2025-1403 · Feb 21, 2025
    risk 0.00 · cvss · epss 0.01

    Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library.

  • CVE-2024-45673 · Feb 21, 2025
    risk 0.00 · cvss · epss 0.00

    IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user.

  • CVE-2025-0161 · Feb 20, 2025
    risk 0.00 · cvss · epss 0.00

    IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.

  • CVE-2024-49337 · Feb 20, 2025
    risk 0.00 · cvss · epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using…

  • CVE-2024-49344 · Feb 20, 2025
    risk 0.00 · cvss · epss 0.00

    In IBM OpenPages with Watson 8.3 and 9.0 with the Watson Assistant chat feature enabled, the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.

  • CVE-2024-49779 · Feb 20, 2025
    risk 0.00 · cvss · epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another…

  • CVE-2024-49781 · Feb 20, 2025
    risk 0.00 · cvss · epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

  • CVE-2024-49780 · Feb 20, 2025
    risk 0.00 · cvss · epss 0.01

    IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted HTTP request containing "dot dot" sequences (/../) in the file…

  • CVE-2024-49782 · Feb 20, 2025
    risk 0.00 · cvss · epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages…

  • CVE-2024-43196 · Feb 20, 2025
    risk 0.00 · cvss · epss 0.00

    The IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application, allowing the user to spoof other users' responses.

  • CVE-2024-49355 · Feb 20, 2025
    risk 0.00 · cvss · epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature.

  • CVE-2023-47160 · Feb 19, 2025
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

  • CVE-2024-28777 · Feb 19, 2025
    risk 0.00 · cvss · epss 0.01

    IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted…

  • CVE-2024-28776 · Feb 19, 2025
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2024-28780 · Feb 19, 2025
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

  • CVE-2024-45081 · Feb 19, 2025
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated user to modify restricted content due to incorrect authorization checks.

  • CVE-2024-45084 · Feb 19, 2025
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.

  • CVE-2024-52902 · Feb 19, 2025
    risk 0.00 · cvss · epss 0.00

    IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard-coded database passwords in source code which could be used for unauthorized access to the system.

  • CVE-2024-56463 · Feb 14, 2025
    risk 0.00 · cvss · epss 0.00

    IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2024-56477 · Feb 14, 2025
    risk 0.00 · cvss · epss 0.00

    IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

  • CVE-2024-52895 · Feb 14, 2025
    risk 0.00 · cvss · epss 0.00

    IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that…

  • CVE-2024-55904 · Feb 14, 2025
    risk 0.00 · cvss · epss 0.01

    IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by…

  • CVE-2024-54176 · Feb 8, 2025
    risk 0.00 · cvss · epss 0.00

    IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due…

  • CVE-2025-0158 · Feb 6, 2025
    risk 0.00 · cvss · epss 0.00

    IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation.

  • CVE-2024-56467 · Feb 6, 2025
    risk 0.00 · cvss · epss 0.00

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-54171 · Feb 6, 2025
    risk 0.00 · cvss · epss 0.00

    IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

  • CVE-2024-52892 · Feb 6, 2025
    risk 0.00 · cvss · epss 0.00

    IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2025-0799 · Feb 6, 2025
    risk 0.00 · cvss · epss 0.00

    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories.

  • CVE-2024-51450 · Feb 6, 2025
    risk 0.00 · cvss · epss 0.01

    IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
