IBM
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any IBM product.
RSS Feeds for IBM security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in IBM products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by IBM Sorted by Most Security Vulnerabilities since 2018
Known Exploited IBM Vulnerabilities
The following IBM vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| IBM Aspera Faspex Code Execution Vulnerability |
IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw. CVE-2022-47986 Exploit Probability: 94.3% |
February 21, 2023 |
| IBM InfoSphere BigInsights Invalid Input Vulnerability |
Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data. CVE-2013-3993 Exploit Probability: 13.2% |
May 25, 2022 |
| IBM WebSphere Application Server and Server Hypervisor Edition Code Injection. |
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands CVE-2015-7450 Exploit Probability: 93.9% |
January 10, 2022 |
| IBM Data Risk Manager Arbritary File Download |
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. CVE-2020-4430 Exploit Probability: 55.2% |
November 3, 2021 |
| IBM Data Risk Manager Authentication Bypass |
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532. CVE-2020-4427 Exploit Probability: 49.2% |
November 3, 2021 |
| IBM Data Risk Manager Command Injection |
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. CVE-2020-4428 Exploit Probability: 48.3% |
November 3, 2021 |
| IBM Planning Analytics configuration overwrite vulnerability |
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. CVE-2019-4716 Exploit Probability: 77.0% |
November 3, 2021 |
Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 4 known exploited IBM vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2025 there have been 188 vulnerabilities in IBM with an average score of 6.0 out of ten. Last year, in 2024 IBM had 462 security vulnerabilities published. Right now, IBM is on track to have less security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.39
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 188 | 6.02 |
| 2024 | 462 | 6.40 |
| 2023 | 242 | 6.92 |
| 2022 | 285 | 6.37 |
| 2021 | 377 | 6.07 |
| 2020 | 340 | 6.23 |
| 2019 | 439 | 6.09 |
| 2018 | 315 | 6.35 |
It may take a day or so for new IBM vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Security Vulnerabilities
IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information
CVE-2025-1112
4.3 - Medium
- July 09, 2025
IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.
Improper Ownership Management
IBM OpenPages with Watson 8.3 and 9.0
is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server
CVE-2025-27367
6.5 - Medium
- July 08, 2025
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields.
Client-Side Enforcement of Server-Side Security
IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting
CVE-2023-43039
6.1 - Medium
- July 08, 2025
IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session
XSS
IBM OpenPages with Watson 8.3 and 9.0
could provide weaker than expected security in storage of encrypted data
CVE-2024-49783
6.5 - Medium
- July 08, 2025
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability to use additional cryptographic methods to possibly extract the encrypted data.
Not Using an Unpredictable IV with CBC Mode
IBM OpenPages with Watson 8.3 and 9.0
could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode
CVE-2024-49784
6.5 - Medium
- July 08, 2025
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use additional cryptographic methods to possibly extract the encrypted data.
Use of a Broken or Risky Cryptographic Algorithm
IBM OpenPages with Watson 8.3 and 9.0
is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages
CVE-2025-27369
4.3 - Medium
- July 08, 2025
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting
CVE-2024-52900
5.4 - Medium
- June 28, 2025
IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim
CVE-2024-39730
5.4 - Medium
- June 28, 2025
IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
User Interface (UI) Misrepresentation of Critical Information
IBM Datacap 9.1.7, 9.1.8, and 9.1.9
does not set the secure attribute on authorization tokens or session cookies
CVE-2025-36026
4.3 - Medium
- June 28, 2025
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
IBM Datacap 9.1.7, 9.1.8, and 9.1.9
could allow a remote attacker to hijack the clicking action of the victim
CVE-2025-36027
5.4 - Medium
- June 28, 2025
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Clickjacking
IBM InfoSphere Information Server 11.7 vulnerable to SQL injection
CVE-2025-0966
7.6 - High
- June 25, 2025
IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
SQL Injection
IBM i 7.2, 7.3, 7.4, and 7.5 could
CVE-2025-36004
8.8 - High
- June 25, 2025
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.
DLL preloading
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could
CVE-2025-3221
7.5 - High
- June 21, 2025
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.
Allocation of Resources Without Limits or Throttling
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6
could
CVE-2025-3629
4.3 - Medium
- June 21, 2025
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.
Improper Ownership Management
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could
CVE-2025-33122
7.5 - High
- June 17, 2025
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege.
DLL preloading
IBM Cognos Analytics 11.2.0
CVE-2025-0917
4.8 - Medium
- June 11, 2025
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server
CVE-2025-0923
5.3 - Medium
- June 11, 2025
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
Inclusion of Sensitive Information in Source Code
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request
CVE-2025-25032
7.5 - High
- June 11, 2025
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
Allocation of Resources Without Limits or Throttling
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file
CVE-2025-1499
6.5 - Medium
- June 01, 2025
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.
Cleartext Storage of Sensitive Information
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting
CVE-2025-25044
5.4 - Medium
- June 01, 2025
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting
CVE-2025-2896
5.4 - Medium
- June 01, 2025
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Planning Analytics Local 2.0 and 2.1 could
CVE-2025-33004
6.5 - Medium
- June 01, 2025
IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.
Directory traversal
IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could
CVE-2025-33005
8.8 - High
- June 01, 2025
IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
Insufficient Session Expiration
IBM Db2 for Linux
CVE-2024-49350
7.5 - High
- May 29, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Memory Corruption
IBM Db2 for Linux
CVE-2025-2518
7.5 - High
- May 29, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Stack Exhaustion
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could
CVE-2025-3050
6.5 - Medium
- May 29, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.
Allocation of Resources Without Limits or Throttling
IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms
CVE-2024-38341
7.5 - High
- May 28, 2025
IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Inadequate Encryption Strength
IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system
CVE-2024-51453
7.5 - High
- May 28, 2025
IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Directory traversal
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could
CVE-2025-3357
9.8 - Critical
- May 28, 2025
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.
out-of-bounds array index
IBM Security Guardium 12.0 could
CVE-2025-25026
4.3 - Medium
- May 28, 2025
IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check.
AuthZ
IBM Security Guardium 12.0 could
CVE-2025-25025
5.3 - Medium
- May 28, 2025
IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Generation of Error Message Containing Sensitive Information
IBM Security Guardium 12.0 could
CVE-2025-25029
6.5 - Medium
- May 28, 2025
IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input.
Output Sanitization
IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials
CVE-2025-33079
6.5 - Medium
- May 27, 2025
IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code.
Insufficiently Protected Credentials
IBM Aspera Faspex 5.0.0 through 5.0.12 could
CVE-2025-33136
8.8 - High
- May 22, 2025
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.
MAID
IBM Aspera Faspex 5.0.0 through 5.0.12 could
CVE-2025-33137
8.8 - High
- May 22, 2025
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.
Client-Side Enforcement of Server-Side Security
IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection
CVE-2025-33138
6.1 - Medium
- May 22, 2025
IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
XSS
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability
CVE-2025-33103
8.8 - High
- May 17, 2025
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.
Execution with Unnecessary Privileges
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection
CVE-2024-51475
6.1 - Medium
- May 16, 2025
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
XSS
IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user
CVE-2025-1138
4.3 - Medium
- May 15, 2025
IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.
Exposure of Information Through Directory Listing
IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting
CVE-2025-3440
5.5 - Medium
- May 15, 2025
IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could
CVE-2025-1330
7.8 - High
- May 08, 2025
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.
Memory Corruption
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could
CVE-2025-1329
7.8 - High
- May 08, 2025
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.
Memory Corruption
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could
CVE-2025-1331
7.8 - High
- May 08, 2025
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.
Use of Inherently Dangerous Function
IBM i 7.2
CVE-2025-3218
5.4 - Medium
- May 07, 2025
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server.
Improper Certificate Validation
IBM Maximo Application Suite 9.0 could
CVE-2025-2898
8.8 - High
- May 06, 2025
IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations.
Incorrect Privilege Assignment
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1
could
CVE-2025-1493
5.3 - Medium
- May 05, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources.
Race Condition
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1
could
CVE-2025-1000
6.5 - Medium
- May 05, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.
Allocation of Resources Without Limits or Throttling
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1
under specific configurations could
CVE-2025-0915
6.5 - Medium
- May 05, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources.
Allocation of Resources Without Limits or Throttling
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting
CVE-2025-1551
6.1 - Medium
- April 29, 2025
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could
CVE-2024-22351
6.3 - Medium
- April 23, 2025
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
Insufficient Session Expiration