IBM

Products by IBM, sorted by most security vulnerabilities since 2018

IBM AIX: 111 vulnerabilities
IBM Sterling B2B Integrator: 88 vulnerabilities
IBM Cognos Analytics: 88 vulnerabilities
IBM API Connect: 67 vulnerabilities
IBM VIOS: 63 vulnerabilities
IBM Maximo Asset Management: 62 vulnerabilities
IBM Security Verify Access: 52 vulnerabilities
IBM Security Guardium: 46 vulnerabilities
IBM i: 44 vulnerabilities
IBM Db2: 43 vulnerabilities
IBM MQ Appliance: 37 vulnerabilities
IBM Cognos Controller: 37 vulnerabilities
IBM Security Access Manager: 37 vulnerabilities
IBM Spectrum Scale: 36 vulnerabilities
IBM UrbanCode Deploy: 34 vulnerabilities
IBM Cloud Pak for Security: 32 vulnerabilities
IBM Planning Analytics: 30 vulnerabilities
IBM Maximo Application Suite: 29 vulnerabilities
IBM MQ: 29 vulnerabilities
IBM CICS TX: 27 vulnerabilities
IBM Aspera Faspex: 25 vulnerabilities
IBM Robotic Process Automation: 24 vulnerabilities
IBM Planning Analytics Local: 23 vulnerabilities
IBM Rhapsody Model Manager: 23 vulnerabilities
IBM Sterling File Gateway: 22 vulnerabilities
IBM OpenPages with Watson: 20 vulnerabilities
IBM Content Navigator: 18 vulnerabilities
IBM Security Directory Server: 16 vulnerabilities
IBM Jazz Reporting Service: 16 vulnerabilities
IBM Datacap: 16 vulnerabilities
IBM Security Verify Governance: 14 vulnerabilities
IBM Sterling Secure Proxy: 14 vulnerabilities
IBM EntireX: 13 vulnerabilities
IBM Informix Dynamic Server: 13 vulnerabilities
IBM QRadar Suite: 13 vulnerabilities
IBM PowerSC: 13 vulnerabilities
IBM App Connect Enterprise: 12 vulnerabilities
IBM Cloud Pak System: 12 vulnerabilities
IBM Datacap Navigator: 11 vulnerabilities
IBM Aspera Shares: 10 vulnerabilities
IBM PowerVM Hypervisor: 10 vulnerabilities
IBM FileNet Content Manager: 10 vulnerabilities

Known Exploited IBM Vulnerabilities

The following IBM vulnerabilities have been added by CISA to its Known Exploited Vulnerabilities (KEV) catalog, meaning they are known to be exploited by threat actors. The exploit probability given for each is its EPSS score; the date is when CISA added it to the catalog.

CVE-2022-47986 | EPSS exploit probability 94.3% | added February 21, 2023
IBM Aspera Faspex Code Execution Vulnerability: IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.

CVE-2013-3993 | EPSS exploit probability 13.2% | added May 25, 2022
IBM InfoSphere BigInsights Invalid Input Vulnerability: certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data.

CVE-2015-7450 | EPSS exploit probability 93.9% | added January 10, 2022
IBM WebSphere Application Server and Server Hypervisor Edition Code Injection: serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands.

CVE-2020-4430 | EPSS exploit probability 55.2% | added November 3, 2021
IBM Data Risk Manager Arbitrary File Download: IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.

CVE-2020-4427 | EPSS exploit probability 49.2% | added November 3, 2021
IBM Data Risk Manager Authentication Bypass: IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.

CVE-2020-4428 | EPSS exploit probability 48.3% | added November 3, 2021
IBM Data Risk Manager Command Injection: IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.

CVE-2019-4716 | EPSS exploit probability 77.0% | added November 3, 2021
IBM Planning Analytics Configuration Overwrite Vulnerability: IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to log in as "admin" and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.

Of the known exploited vulnerabilities above, 2 are in the top 1% (99th percentile or greater) of the EPSS exploit probability rankings, and 4 are in the top 5% (95th percentile or greater).
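Two of the KEV entries above (CVE-2022-47986 and CVE-2015-7450) are deserialization flaws: the parser lets the attacker's document choose which classes get instantiated. The following is an added illustration of that flaw class in Ruby, written for this page; it is not Aspera Faspex code and says nothing about how that product was actually exploited. The AuditMarker class and the tagged YAML document are constructed for the demo; a real attacker would pick a gadget class that does something harmful when instantiated.

```ruby
require "yaml"

# Constructed marker class: if the loader instantiates it from a YAML tag,
# the document controlled the object graph. Deliberately harmless here.
class AuditMarker
  attr_accessor :note
end

# Constructed attacker-controlled document (not taken from any IBM product).
TAGGED_DOC = "--- !ruby/object:AuditMarker\nnote: instantiated by the loader\n".freeze

# Unsafe path: the document chooses the class to instantiate.
# Psych 4 made YAML.load safe, so the legacy behaviour lives in unsafe_load;
# older Psych only has load, which is the unsafe one.
def unsafe_parse(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# Hardened path: only scalars, arrays and hashes, plus an explicit allowlist.
# Aliases are disabled too, which also blocks alias-expansion DoS.
def safe_parse(doc, permitted: [])
  YAML.safe_load(doc, permitted_classes: permitted, aliases: false)
end

# Returns the class name the unsafe loader produced ("AuditMarker").
def demo_unsafe
  unsafe_parse(TAGGED_DOC).class.name
end

# Returns :rejected because the tag names a class that is not allowlisted.
def demo_safe
  safe_parse(TAGGED_DOC)
  :loaded
rescue Psych::DisallowedClass
  :rejected
end
```

The fix is the same regardless of framework: parse untrusted YAML with safe_load and an allowlist, and treat any use of load/unsafe_load on network input as a finding. The same principle applies to the Java serialization flaw in CVE-2015-7450 (allowlist the classes a deserializer may resolve).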

By the Year

In 2025 there have been 188 vulnerabilities in IBM products so far, with an average CVSS base score of 6.0 out of 10. Last year, in 2024, IBM had 462 security vulnerabilities published. At the current rate, IBM is on track to have fewer security vulnerabilities in 2025 than it did last year. Last year's average CVE base score was higher by 0.39.

Year  Vulnerabilities  Average Score
2025  188              6.02
2024  462              6.40
2023  242              6.92
2022  285              6.37
2021  377              6.07
2020  340              6.23
2019  439              6.09
2018  315              6.35

It may take a day or so for new IBM vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM Security Vulnerabilities

IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information

CVE-2025-1112 4.3 - Medium - July 09, 2025

IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.

Improper Ownership Management

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server

CVE-2025-27367 6.5 - Medium - July 08, 2025

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields.

Client-Side Enforcement of Server-Side Security

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting

CVE-2023-43039 6.1 - Medium - July 08, 2025

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session

XSS

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data

CVE-2024-49783 6.5 - Medium - July 08, 2025

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database, or a local attacker with access to server files, could extract the encrypted data, they could apply additional cryptographic methods to possibly recover the protected data.

Not Using an Unpredictable IV with CBC Mode

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode

CVE-2024-49784 6.5 - Medium - July 08, 2025

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database, or a local attacker with access to server files, could extract the encrypted data values, they could exploit this weaker algorithm with additional cryptographic methods to possibly recover the protected data.

Use of a Broken or Risky Cryptographic Algorithm
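CVE-2024-49783 and CVE-2024-49784 above are both about AES-CBC with a predictable IV. The concrete damage is easy to show: with a fixed IV, two records that begin with the same plaintext produce identical leading ciphertext blocks, so anyone who can read the database learns which stored values share a prefix (and can run chosen-plaintext guessing against them). The following Ruby example is added for this page and is not OpenPages code; the key, the static all-zero IV and the two sample records are constructed for the demo.

```ruby
require "openssl"
require "securerandom"

KEY = SecureRandom.random_bytes(32)          # constructed demo key (AES-256)
STATIC_IV = ("\x00" * 16).b                  # the anti-pattern: one IV for every record

def aes_cbc_encrypt(key, iv, plaintext)
  c = OpenSSL::Cipher.new("aes-256-cbc")
  c.encrypt
  c.key = key
  c.iv = iv
  c.update(plaintext) + c.final
end

# Weak: fixed IV. Records sharing a plaintext prefix share ciphertext blocks.
def encrypt_fixed_iv(plaintext)
  aes_cbc_encrypt(KEY, STATIC_IV, plaintext)
end

# Fixed: fresh random IV per record, stored in front of the ciphertext.
def encrypt_random_iv(plaintext)
  iv = SecureRandom.random_bytes(16)
  iv + aes_cbc_encrypt(KEY, iv, plaintext)
end

def decrypt_random_iv(blob)
  iv, ct = blob[0, 16], blob[16..]
  c = OpenSSL::Cipher.new("aes-256-cbc")
  c.decrypt
  c.key = KEY
  c.iv = iv
  c.update(ct) + c.final
end

# Number of leading 16-byte blocks two byte strings have in common.
def shared_leading_blocks(a, b)
  n = 0
  n += 1 while n * 16 < [a.size, b.size].min && a[n * 16, 16] == b[n * 16, 16]
  n
end

# Constructed records: identical for the first 32 bytes, then a different PIN.
REC_A = "account=41111111-1111-1111-1111;pin=1234".freeze
REC_B = "account=41111111-1111-1111-1111;pin=9876".freeze

# Leakage with the static IV: the two ciphertexts agree on their first two blocks.
def leak_with_static_iv
  shared_leading_blocks(encrypt_fixed_iv(REC_A), encrypt_fixed_iv(REC_B))
end

# With a random IV the stored blobs share nothing, not even the first block.
def leak_with_random_iv
  shared_leading_blocks(encrypt_random_iv(REC_A), encrypt_random_iv(REC_B))
end
```

The random-IV variant is the minimum fix for the IV weakness alone; for new designs an AEAD mode (AES-GCM) with a unique nonce is the better choice because it also detects tampering, which plain CBC does not.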

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages

CVE-2025-27369 4.3 - Medium - July 08, 2025

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system.

Exposure of Sensitive System Information to an Unauthorized Control Sphere

IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting

CVE-2024-52900 5.4 - Medium - June 28, 2025

IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS

IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim

CVE-2024-39730 5.4 - Medium - June 28, 2025

IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

User Interface (UI) Misrepresentation of Critical Information

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies

CVE-2025-36026 4.3 - Medium - June 28, 2025

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user visits. The cookie will be sent to the insecure link, and the attacker can then obtain the cookie value by snooping the traffic.

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim

CVE-2025-36027 5.4 - Medium - June 28, 2025

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Clickjacking
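The Datacap entries above (CVE-2025-36026, CVE-2025-36027) and the Datacap Navigator clickjacking entry (CVE-2024-39730) are all response-header hygiene problems that are cheap to check for in a pipeline. The following Ruby header audit is an added example for this page, not IBM code: it takes raw HTTP response headers and reports cookies missing the Secure or HttpOnly attribute and responses with no framing protection. The two sample responses are constructed, not captured from any IBM product, and the SameSite check goes beyond what the page's entries mention.

```ruby
# Constructed weak response: cookies without Secure, no framing protection.
WEAK_RESPONSE = <<~HDR
  HTTP/1.1 200 OK
  Set-Cookie: JSESSIONID=abc123; Path=/
  Set-Cookie: auth_token=tok; Path=/; HttpOnly
  Content-Type: text/html
HDR

# Constructed hardened response for comparison.
HARDENED_RESPONSE = <<~HDR
  HTTP/1.1 200 OK
  Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
  Set-Cookie: auth_token=tok; Path=/; Secure; HttpOnly; SameSite=Strict
  Content-Security-Policy: frame-ancestors 'none'
  X-Frame-Options: DENY
  Content-Type: text/html
HDR

# Parses raw header text into [[name, value], ...]; repeats such as multiple
# Set-Cookie lines are kept, and the status line is dropped.
def parse_headers(raw)
  raw.lines.map(&:strip).reject(&:empty?).drop(1).map do |line|
    name, value = line.split(":", 2)
    [name.strip.downcase, value.to_s.strip]
  end
end

# Returns an array of finding strings; an empty array means the response passed.
def audit_response(raw)
  headers = parse_headers(raw)
  findings = []

  headers.select { |n, _| n == "set-cookie" }.each do |_, v|
    attrs = v.split(";").map(&:strip)
    cookie = attrs.first.split("=", 2).first
    flags = attrs.drop(1).map { |a| a.split("=", 2).first.downcase }
    findings << "cookie #{cookie}: missing Secure" unless flags.include?("secure")
    findings << "cookie #{cookie}: missing HttpOnly" unless flags.include?("httponly")
    findings << "cookie #{cookie}: missing SameSite" unless flags.include?("samesite")
  end

  csp = headers.find { |n, _| n == "content-security-policy" }
  xfo = headers.find { |n, _| n == "x-frame-options" }
  framing_ok = (csp && csp[1].downcase.include?("frame-ancestors")) ||
               (xfo && %w[deny sameorigin].include?(xfo[1].downcase))
  findings << "no framing protection (CSP frame-ancestors or X-Frame-Options)" unless framing_ok

  findings
end
```

Without Secure, the browser will send the session cookie over a plain http:// request to the same host, which is exactly the capture path the CVE-2025-36026 description gives; frame-ancestors (or the older X-Frame-Options) is what stops a third-party page from framing the UI for clickjacking.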

IBM InfoSphere Information Server 11.7 vulnerable to SQL injection

CVE-2025-0966 7.6 - High - June 25, 2025

IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

SQL Injection

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i

CVE-2025-36004 8.8 - High - June 25, 2025

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.

DLL preloading

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources

CVE-2025-3221 7.5 - High - June 21, 2025

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.

Allocation of Resources Without Limits or Throttling

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management

CVE-2025-3629 4.3 - Medium - June 21, 2025

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.

Improper Ownership Management

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i

CVE-2025-33122 7.5 - High - June 17, 2025

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege.

DLL preloading

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting

CVE-2025-0917 4.8 - Medium - June 11, 2025

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server

CVE-2025-0923 5.3 - Medium - June 11, 2025

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.

Inclusion of Sensitive Information in Source Code

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request

CVE-2025-25032 7.5 - High - June 11, 2025

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.

Allocation of Resources Without Limits or Throttling

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file

CVE-2025-1499 6.5 - Medium - June 01, 2025

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.

Cleartext Storage of Sensitive Information

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting

CVE-2025-25044 5.4 - Medium - June 01, 2025

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting

CVE-2025-2896 5.4 - Medium - June 01, 2025

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction

CVE-2025-33004 6.5 - Medium - June 01, 2025

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

Directory traversal

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system

CVE-2025-33005 8.8 - High - June 01, 2025

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

Insufficient Session Expiration

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service

CVE-2024-49350 7.5 - High - May 29, 2025

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

Memory Corruption

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service

CVE-2025-2518 7.5 - High - May 29, 2025

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

Stack Exhaustion

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources

CVE-2025-3050 6.5 - Medium - May 29, 2025

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.

Allocation of Resources Without Limits or Throttling

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms

CVE-2024-38341 7.5 - High - May 28, 2025

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Inadequate Encryption Strength

IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system

CVE-2024-51453 7.5 - High - May 28, 2025

IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Directory traversal
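CVE-2024-51453 above, and CVE-2020-4430 in the KEV table, are classic "dot dot" traversal: a user-supplied path segment is joined onto a base directory and the resulting path is never checked. The following Ruby example is added for this page and is not Sterling Secure Proxy code; it shows the naive join beside a resolver that normalises the path and refuses anything that lands outside the base directory. The base directory is a constructed constant and nothing is read from disk.

```ruby
require "uri"

# Constructed base directory for the demo; no files are opened.
BASE_DIR = "/srv/app/public".freeze

# Vulnerable join: ".." segments in user_path walk out of BASE_DIR.
def naive_resolve(user_path)
  File.join(BASE_DIR, user_path)
end

# Hardened resolver: percent-decode, reject NULs, strip a leading slash,
# normalise to an absolute path, then require that it is still under BASE_DIR.
# File.absolute_path is used rather than File.expand_path because the latter
# also expands "~user", which would be another way out of the base directory.
def safe_resolve(user_path)
  decoded = URI.decode_www_form_component(user_path)
  return nil if decoded.include?("\0")
  relative = decoded.sub(%r{\A/+}, "")
  candidate = File.absolute_path(relative, BASE_DIR)
  candidate.start_with?(BASE_DIR + "/") ? candidate : nil
rescue ArgumentError
  nil   # malformed percent-encoding is rejected, not guessed at
end
```

The check is done on the final resolved path, so encoded variants such as ..%2F..%2F are caught after decoding rather than by pattern-matching the raw string. In a real file server you would additionally resolve symlinks (File.realpath on the existing target) before the prefix test, since a symlink inside the base directory can still point outside it.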

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array

CVE-2025-3357 9.8 - Critical - May 28, 2025

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.

out-of-bounds array index

IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check

CVE-2025-25026 4.3 - Medium - May 28, 2025

IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check.

AuthZ

IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser

CVE-2025-25025 5.3 - Medium - May 28, 2025

IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Generation of Error Message Containing Sensitive Information

IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input

CVE-2025-25029 6.5 - Medium - May 28, 2025

IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input.

Output Sanitization

IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials

CVE-2025-33079 6.5 - Medium - May 27, 2025

IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code.

Insufficiently Protected Credentials

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data

CVE-2025-33136 8.8 - High - May 22, 2025

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.

Modification of Assumed-Immutable Data (MAID)

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security

CVE-2025-33137 8.8 - High - May 22, 2025

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.

Client-Side Enforcement of Server-Side Security

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection

CVE-2025-33138 6.1 - Medium - May 22, 2025

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

XSS

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability

CVE-2025-33103 8.8 - High - May 17, 2025

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.

Execution with Unnecessary Privileges

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection

CVE-2024-51475 6.1 - Medium - May 16, 2025

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

XSS

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user

CVE-2025-1138 4.3 - Medium - May 15, 2025

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.

Exposure of Information Through Directory Listing

IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting

CVE-2025-3440 5.5 - Medium - May 15, 2025

IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function

CVE-2025-1330 7.8 - High - May 08, 2025

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.

Memory Corruption

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function

CVE-2025-1329 7.8 - High - May 08, 2025

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.

Memory Corruption

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to unsafe use of the gets function

CVE-2025-1331 7.8 - High - May 08, 2025

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to unsafe use of the gets function, which reads input with no bound on the destination buffer.

Use of Inherently Dangerous Function

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i NetServer

CVE-2025-3218 5.4 - Medium - May 07, 2025

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i NetServer. A malicious actor could use the weaknesses, in conjunction with brute-force authentication attacks or to bypass authority restrictions, to access the server.

Improper Certificate Validation

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations

CVE-2025-2898 8.8 - High - May 06, 2025

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations.

Incorrect Privilege Assignment

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources

CVE-2025-1493 5.3 - Medium - May 05, 2025

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources.

Race Condition

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting

CVE-2025-1000 6.5 - Medium - May 05, 2025

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.

Allocation of Resources Without Limits or Throttling

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources

CVE-2025-0915 6.5 - Medium - May 05, 2025

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources.

Allocation of Resources Without Limits or Throttling

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting

CVE-2025-1551 6.1 - Medium - April 29, 2025

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system

CVE-2024-22351 6.3 - Medium - April 23, 2025

IBM InfoSphere Information Server 11.7 does not invalidate session after logout, which could allow an authenticated user to impersonate another user on the system.

Insufficient Session Expiration
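CVE-2024-22351 here and CVE-2025-33005 (Planning Analytics Local) above are the same weakness, CWE-613 Insufficient Session Expiration: logout removes the cookie from the browser but the server keeps honouring the token, so a token captured earlier still works. The following Ruby in-memory session store is an added example for this page, not code from either product; it contrasts a client-side-only logout with one that revokes the server-side record, and adds an absolute lifetime cap. The user names and the 8-hour lifetime are constructed values.

```ruby
require "securerandom"

# Constructed in-memory server-side session store (illustration only).
class SessionStore
  MAX_LIFETIME = 8 * 3600   # constructed absolute session lifetime, in seconds

  def initialize
    @sessions = {}
  end

  # Issues an unguessable token and records who it belongs to and when.
  def login(user)
    token = SecureRandom.hex(32)
    @sessions[token] = { user: user, issued_at: Time.now }
    token
  end

  # Weak logout: only the browser forgets the cookie; the server-side
  # record is untouched, so a replayed token is still accepted.
  def logout_client_side_only(_token)
    :cookie_cleared
  end

  # Correct logout: revoke the server-side record. A replayed token now fails.
  def logout(token)
    @sessions.delete(token) ? :revoked : :unknown_token
  end

  # Resolves a token to its user, or nil if unknown, revoked or expired.
  # Expired entries are removed so the store does not grow without bound.
  def user_for(token, now: Time.now)
    entry = @sessions[token]
    return nil unless entry
    if now - entry[:issued_at] > MAX_LIFETIME
      @sessions.delete(token)
      return nil
    end
    entry[:user]
  end
end

# A token captured before the weak logout still resolves to the user.
def replay_after_weak_logout
  store = SessionStore.new
  token = store.login("alice")
  store.logout_client_side_only(token)
  store.user_for(token)
end

# After a proper logout the same replay yields nil.
def replay_after_proper_logout
  store = SessionStore.new
  token = store.login("alice")
  store.logout(token)
  store.user_for(token)
end

# Even without logout, a token past MAX_LIFETIME is rejected.
def replay_after_expiry
  store = SessionStore.new
  token = store.login("bob")
  store.user_for(token, now: Time.now + SessionStore::MAX_LIFETIME + 60)
end
```

The same shape applies to signed stateless tokens (JWTs): because nothing server-side can be deleted, logout needs a revocation list keyed by token ID, or lifetimes short enough that "logout" only has to wait for expiry.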

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Always check with your vendor for the most up-to-date and accurate information.