ibm
8,286 tracked vulnerabilities.
CVE-2025-36335
MEDIUM
Vulnerabilities found
Apr 30, 2026
CVSS 6.2
EPSS 0.00
CVE-2025-36180
MEDIUM
Inadequate Pod Communication Restrictions, affects watsonx.data
Apr 30, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-36122
MEDIUM
IBM® Db2® is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic
Apr 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-14688
MEDIUM
IBM® Db2® is vulnerable to a denial of service when fetching from certain tables under specific configurations
Apr 30, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-36074
MEDIUM
Security vulnerability has been detected in IBM Security Verify Directory
Apr 23, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-13044
MEDIUM
IBM Concert 1.0.0-2.2.0 - Predictable Temporary File Symlink Overwrite
Apr 07, 2026
CVSS 6.2
EPSS 0.00
CVE-2025-66487
LOW
IBM Aspera Shares 1.9.9-1.11.0 - Email Rate Limit Denial of Service
Apr 01, 2026
CVSS 2.7
EPSS 0.00
CVE-2025-66486
MEDIUM
IBM Aspera Shares 1.9.9-1.11.0 - HTML Injection
Apr 01, 2026
CVSS 4.8
EPSS 0.00
CVE-2025-66485
MEDIUM
IBM Aspera Shares 1.9.9-1.11.0 - HTTP Header Injection
Apr 01, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-66484
MEDIUM
IBM Aspera Shares 1.9.9-1.11.0 - Stored Cross-Site Scripting
Apr 01, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-66483
MEDIUM
IBM Aspera Shares 1.9.9-1.11.0 - Session Not Invalidated After Password Reset
Apr 01, 2026
CVSS 6.3
EPSS 0.00
CVE-2025-36375
MEDIUM
IBM DataPower Gateway vulnerable to CSRF
Apr 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-36373
MEDIUM
Incorrect administrative access control in IBM DataPower Gateway
Apr 01, 2026
CVSS 4.1
EPSS 0.00
CVE-2025-13916
MEDIUM
IBM Aspera Shares 1.9.9-1.11.0 - Weak Cryptography
Apr 01, 2026
CVSS 5.9
EPSS 0.00
CVE-2025-13855
HIGH
IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint .
Apr 01, 2026
CVSS 7.6
EPSS 0.00
CVE-2025-36187
MEDIUM
Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge
Mar 25, 2026
CVSS 4.4
EPSS 0.00
CVE-2025-14684
MEDIUM
IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to .
Mar 25, 2026
CVSS 4.0
EPSS 0.00
CVE-2025-64648
MEDIUM
IBM Concert 1.0.0-2.2.0 - Cleartext Data Transmission
Mar 25, 2026
CVSS 5.9
EPSS 0.00
CVE-2025-64647
MEDIUM
IBM Concert 1.0.0-2.2.0 - Weak Cryptography
Mar 25, 2026
CVSS 5.9
EPSS 0.00
CVE-2025-64646
MEDIUM
IBM Concert 1.0.0-2.2.0 - Uncleared Memory Information Disclosure
Mar 25, 2026
CVSS 6.2
EPSS 0.00
CVE-2025-36440
MEDIUM
IBM Concert 1.0.0-2.2.0 - Missing Function-Level Access Control
Mar 25, 2026
CVSS 5.1
EPSS 0.00
CVE-2025-36438
MEDIUM
IBM Concert 1.0.0-2.2.0 - Improper Channel Communication Restriction
Mar 25, 2026
CVSS 5.1
EPSS 0.00
CVE-2025-36422
MEDIUM
IBM InfoSphere Information Server is vulnerable to cross-site request forgery
Mar 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-36258
HIGH
IBM InfoSphere Information Server is vulnerable due to plaintext storage of a password
Mar 25, 2026
CVSS 7.1
EPSS 0.00
CVE-2025-14974
MEDIUM
IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference
Mar 25, 2026
CVSS 5.7
EPSS 0.00
Products
websphere_application_server 465
aix 400
db2 339
rational_quality_manager 202
sterling_b2b_integrator 195
qradar_security_information_and_event_manager 190
infosphere_information_server 189
maximo_asset_management 182
rational_doors_next_generation 153
rational_team_concert 142
rational_collaborative_lifecycle_management 141
rational_engineering_lifecycle_manager 141
websphere_portal 126
security_guardium 112
cognos_analytics 104
sterling_file_gateway 93
vios 92
rational_rhapsody_design_manager 90
security_verify_access 90
websphere_mq 89
business_process_manager 88
lotus_domino 86
api_connect 81
rational_software_architect_design_manager 81
lotus_notes 71
security_key_lifecycle_manager 70
db2_universal_database 66
concert 65
smartcloud_control_desk 65
urbancode_deploy 65
Quick Filters