ibm
8,153 tracked vulnerabilities.
CVE-2025-36223
MEDIUM
IBM OpenPages 9.0 and 9.1 - HTTP Header Injection via HOST Header
Nov 12, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-27368
MEDIUM
IBM OpenPages 9.0-9.1 - Info Disclosure
Nov 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-33150
MEDIUM
IBM Cognos Analytics Certified Containers 12.1.0 - Info Disclosure
Nov 10, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-36186
HIGH
IBM Db2 <12.1.4 - Privilege Escalation
Nov 07, 2025
CVSS 7.4
EPSS 0.00
CVE-2025-36185
MEDIUM
IBM Db2 12.1.0-12.1.2 - Denial of Service via Data Query Logic
Nov 07, 2025
CVSS 6.2
EPSS 0.00
CVE-2025-36136
MEDIUM
IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 - Denial of Service via Database Monitor Script
Nov 07, 2025
CVSS 5.1
EPSS 0.00
CVE-2025-36135
MEDIUM
IBM Sterling B2B Integrator & File Gateway 6.0.0.0-6.1.2.7_1, 6.2.0.0-6.2.0.5, 6.2.1.0 - Stored XSS
Nov 07, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-36131
MEDIUM
IBM Db2 11.1.0-11.1.4.7, 11.5.0-11.5.9, 12.1.0-12.1.3 - Exposure of Private Personal Information via clpplus Command
Nov 07, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-36008
MEDIUM
IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 - Authenticated Denial of Service
Nov 07, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-36006
MEDIUM
IBM Db2 10.5.0-10.5.11, 11.1.0-11.1.4.7, 11.5.0-11.5.9, 12.1.0-12.1.3 - DoS via Improper Resource Release
Nov 07, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-33012
MEDIUM
IBM Db2 <12.1.3 - Privilege Escalation
Nov 07, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-2534
MEDIUM
IBM Db2 11.1.0-11.1.4.7, 11.5.0-11.5.9, 12.1.0-12.1.3 - Denial of Service via Specially Crafted Query
Nov 07, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-33110
MEDIUM
IBM OpenPages 9.0-9.1 - Cross-Site Scripting
Nov 06, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-36054
MEDIUM
IBM Business Automation Workflow & Process Federation Server Unauthenticated Stored XSS
Nov 06, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-36172
MEDIUM
IBM Cloud Pak for Business Automation Stored XSS (24.0.0-24.0.1, 25.0.0)
Nov 03, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-12531
HIGH
IBM InfoSphere Information Server <11.7.1.6 - XXE
Nov 03, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-36093
MEDIUM
IBM Cloud Pak For Business Automation <25.0.0 - Info Disclosure
Nov 03, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-36092
MEDIUM
IBM Cloud Pak for Business Automation DoS via Improper Input Length Validation
Nov 03, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-36091
MEDIUM
IBM Cloud Pak For Business Automation <25.0.0 - Privilege Escalation
Nov 03, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-36367
HIGH
IBM i 7.2-7.6 - Missing Authorization Leading to Privilege Escalation
Nov 01, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-36249
LOW
IBM Jazz for Service Management <1.1.3.25 - Open Redirect
Oct 31, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-33003
HIGH
IBM InfoSphere Information Server <11.7.1.6 - Privilege Escalation
Oct 31, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-3356
HIGH
IBM Tivoli Monitoring <6.3.0.7 - Path Traversal
Oct 30, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-3355
HIGH
IBM Tivoli Monitoring <6.3.0.7-SP21 - Path Traversal
Oct 30, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-36137
HIGH
IBM Sterling Connect Direct - Privilege Escalation
Oct 30, 2025
CVSS 7.2
EPSS 0.00
Products
websphere_application_server 444
aix 393
db2 327
rational_quality_manager 202
sterling_b2b_integrator 195
infosphere_information_server 188
qradar_security_information_and_event_manager 187
maximo_asset_management 182
rational_doors_next_generation 153
rational_team_concert 142
rational_collaborative_lifecycle_management 141
rational_engineering_lifecycle_manager 141
websphere_portal 126
security_guardium 112
cognos_analytics 102
sterling_file_gateway 93
rational_rhapsody_design_manager 90
security_verify_access 90
websphere_mq 89
business_process_manager 88
lotus_domino 86
vios 85
rational_software_architect_design_manager 81
api_connect 79
lotus_notes 71
security_key_lifecycle_manager 70
db2_universal_database 66
concert 65
smartcloud_control_desk 65
urbancode_deploy 63