ibm

8,153 tracked vulnerabilities.

CVE-2024-39726 HIGH
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 - XML External Entity Injection
Nov 15, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-41784 HIGH
IBM Sterling Secure Proxy <6.1.0.0 - Path Traversal
Nov 15, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-43189 MEDIUM
IBM Concert Software <1.0.2 - Info Disclosure
Nov 15, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-41785 MEDIUM
IBM Concert 1.0.0-1.0.1 - Unauthenticated Stored Cross-Site Scripting
Nov 15, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-45670 MEDIUM
IBM Security SOAR < 51.0.2.0 - Weak Password Recovery Mechanism
Nov 14, 2024
CVSS 5.6
EPSS 0.00
CVE-2024-45642 MEDIUM
IBM Security ReaQta 3.12-3.12.11 - Stored Cross-Site Scripting in Web UI
Nov 14, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-45099 LOW
IBM Security ReaQta 3.12-3.12.11 - Stored Cross-Site Scripting in Web UI
Nov 14, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-45087 MEDIUM
IBM WebSphere App Server 8.5-9.0 - XSS
Nov 11, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-45088 MEDIUM
IBM Maximo Asset Mgmt <7.6.1.3 - XSS
Nov 11, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-35146 MEDIUM
IBM Maximo Application Suite Monitor 8.10.11, 8.11.8, 9.0.0 - Unauthenticated Stored Cross-Site Scripting
Nov 06, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-45086 MEDIUM
IBM WebSphere App Server <9.0 - XXE
Nov 04, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-41745 MEDIUM
IBM CICS TX Standard - Unauthenticated Stored Cross-Site Scripting
Nov 01, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-41744 MEDIUM
IBM CICS TX Standard 11.1 - Cross-Site Request Forgery
Nov 01, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-41741 MEDIUM
IBM TXSeries for Multiplatforms 10.1 - Info Disclosure
Nov 01, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-41738 MEDIUM
IBM TXSeries for Multiplatforms 10.1 - Info Disclosure
Nov 01, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-45656 CRITICAL
IBM Power System E1080 (9080-hex) Firmware - Hard-coded Credentials
Oct 29, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-38314 MEDIUM
IBM Maximo Application Suite - Monitor Component <9.0 - Info Disclo...
Oct 24, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-31880 MEDIUM
IBM Db2 10.5.0.0-10.5.10 and 11.5-11.5.8 - Authenticated Denial of Service via Crafted SQL Statement
Oct 23, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-43177 MEDIUM
IBM Concert 1.0.0 and 1.0.1 - Improper Certificate Validation
Oct 22, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-43173 LOW
IBM Concert 1.0.0 and 1.0.1 - Sensitive Cookie with Improper SameSite Attribute
Oct 22, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-45072 MEDIUM
IBM WebSphere App Server 8.5-9.0 - XXE
Oct 16, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-45071 MEDIUM
IBM WebSphere App Server <9.0 - XSS
Oct 16, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-49340 MEDIUM
IBM Watson Studio Local 1.2.3 - Cross-Site Request Forgery
Oct 16, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45085 MEDIUM
IBM WebSphere Application Server 8.5.0.0-8.5.5.26 - Denial of Service via Crafted Request
Oct 15, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-45073 MEDIUM
IBM WebSphere App Server <9.0 - XSS
Sep 30, 2024
CVSS 4.8
EPSS 0.00
Products
websphere_application_server 444 aix 393 db2 327 rational_quality_manager 202 sterling_b2b_integrator 195 infosphere_information_server 188 qradar_security_information_and_event_manager 187 maximo_asset_management 182 rational_doors_next_generation 153 rational_team_concert 142 rational_collaborative_lifecycle_management 141 rational_engineering_lifecycle_manager 141 websphere_portal 126 security_guardium 112 cognos_analytics 102 sterling_file_gateway 93 rational_rhapsody_design_manager 90 security_verify_access 90 websphere_mq 89 business_process_manager 88 lotus_domino 86 vios 85 rational_software_architect_design_manager 81 api_connect 79 lotus_notes 71 security_key_lifecycle_manager 70 db2_universal_database 66 concert 65 smartcloud_control_desk 65 urbancode_deploy 63
Quick Filters
Critical CVEs With Exploits In CISA KEV