30 matches found

RedhatCVE
added 2026/04/03 5:08 a.m. | 3 views

CVE-2025-66487

IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service...

CVSS 6.5 | AI score 5.9 | EPSS 0.00333
Exploits 0 | References 1

IBM Security Bulletins
added 2026/02/09 3:27 p.m. | 16 views

Security Bulletin: IBM Financial Transaction Manager for ACH Services and Check Services is impacted by multiple vulnerabilities

Summary: IBM Financial Transaction Manager for ACH Services and Check Services has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2025-52999. DESCRIPTION: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data...

CVSS 8.8 | AI score 5.6 | EPSS 0.0486
Exploits 6 | Affected Software 1

Cvelist
added 2026/02/02 3:17 p.m. | 25 views

CVE-2025-14914 IBM WebSphere Application Server Liberty Path Traversal

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

CVSS 7.6 | EPSS 0.0039
Exploits 0 | References 1

Cvelist
added 2025/11/07 6:57 p.m. | 4 views

CVE-2025-36008 IBM Db2 denial of service

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources...

CVSS 6.5 | EPSS 0.00249
Exploits 0 | References 1

OSV
added 2024/12/03 5:15 p.m. | 2 views

CVE-2024-40691

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1

CNNVD
added 2024/05/30 12:00 a.m. | 4 views

IBM Aspera Cross-Site Scripting Vulnerability

IBM Aspera is a suite of fast file transfer and streaming solutions from International Business Machines (IBM) built on the IBM FASP protocol. A cross-site scripting vulnerability exists in IBM Aspera Console versions 3.4.0 through 3.4.2 PL5, which stems from susceptibility to a cross-site scriptin...

CVSS 5.4 | AI score 6 | EPSS 0.00249
Exploits 0 | References 3

CNNVD
added 2024/01/17 12:00 a.m. | 3 views

IBM QRadar SIEM Information Disclosure Vulnerability

IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

CVSS 5.3 | AI score 6 | EPSS 0.00419
Exploits 0 | References 7

CNNVD
added 2023/12/09 12:00 a.m. | 2 views

IBM API Connect Security Vulnerability

IBM API Connect (APIConnect) is a suite of integrated solutions for managing the API lifecycle from International Business Machines (IBM). The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect versions V10.0.5....

CVSS 6.2 | AI score 6.3 | EPSS 0.00237
Exploits 0 | References 4

CNNVD
added 2023/12/01 12:00 a.m. | 4 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server suffers from a cross-site scripting vulnerability that stems...

CVSS 5.4 | AI score 5.9 | EPSS 0.00415
Exploits 0 | References 2

Positive Technologies
added 2023/09/01 12:00 a.m. | 3 views

PT-2023-6905 · Ibm · Ibm Financial Transaction Manager For Swift Services

Name of the Vulnerable Software and Affected Versions: IBM Financial Transaction Manager for SWIFT Services version 3.2.4 Description: The issue is related to incorrect restriction of XML links to external objects, which can be exploited by a remote attacker to expose sensitive information or...

CVSS 9.1 | AI score 9 | EPSS 0.00816
Exploits 0 | References 8

OSV
added 2022/12/07 6:15 p.m. | 3 views

CVE-2022-43581

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...

CVSS 8.8 | AI score 5.8
Exploits 0 | References 2

OSV
added 2022/11/11 7:15 p.m. | 2 views

CVE-2022-38387

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786...

CVSS 8.8 | AI score 6.1 | EPSS 0.00875
Exploits 0 | References 2

IBM Security Bulletins
added 2022/09/26 5:45 a.m. | 23 views

Security Bulletin: Tivoli Federated Identity Manager - Unprotected Management Console Servlets (CVE-2012-3315)

Abstract: SUMMARY: The management console used to administer Tivoli Federated Identity Manager contains servlets which are not all protected via a J2EE security constraint. These servlets could be used by an unauthenticated user to download certain resources from TFIM. Content: VULNERABILITY DETAILS...

CVSS 5 | AI score 5.7 | EPSS 0.02592
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/09/25 8:45 p.m. | 41 views

Security Bulletin: GSKit SSL/TLS Record Length vulnerability in Tivoli Directory Server (CVE-2012-2191)

Abstract: A vulnerability has been identified in the GSKit component utilized by Tivoli Directory Server (TDS). A specifically crafted malformed SSL/TLS data packet can cause the TDS server using GSKit to segmentation fault. Remediation for the issue consists of updating GSKit 7 to version 7.0.4.41...

CVSS 5 | AI score 6.7 | EPSS 0.0388
Exploits 0 | Affected Software 1

OSV
added 2022/04/19 5:15 p.m. | 1 view

CVE-2021-39033

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

CVSS 6.5 | AI score 6 | EPSS 0.00978
Exploits 0 | References 2

ATTACKERKB
added 2021/02/08 12:00 a.m. | 2 views

CVE-2020-4995

IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate the session after logout, which could allow a user to obtain sensitive information from another user's session. IBM X-Force ID: 192912...

CVSS 5.3 | AI score 4.9 | EPSS 0.0115
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2021/01/04 12:00 a.m. | 3 views

IBM API Connect Security Vulnerability

IBM API Connect (APIConnect) is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An Access Control Error vulnerability exists in IBM API Connect, which can be exploited by an...

CVSS 9.1 | AI score 7.1 | EPSS 0.00762
Exploits 0 | References 4

CNNVD
added 2020/12/15 12:00 a.m. | 3 views

IBM Financial Transaction Manager for SWIFT Services Information Disclosure Vulnerability

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is a financial transaction manager product from IBM, USA. The product is primarily used for monitoring, tracking and reporting financial payments and transactions. An information disclosure vulnerability exists in IBM Financi...

CVSS 5.3 | AI score 6.1 | EPSS 0.01054
Exploits 0 | References 4

CNVD
added 2020/10/22 12:00 a.m. | 3 views

IBM Oracle E-Business Suite Secure Enterprise Search Code Execution Vulnerability

IBM Oracle E-Business Suite Secure Enterprise Search is an enterprise asset search product from IBM USA. The product can search for public and private information from LANs, databases, disks, and file servers. A code execution vulnerability exists in Oracle E-Business Suite Secure Enterprise Sear...

CVSS 9.1 | AI score 9.1 | EPSS 0.01621
Exploits 0 | References 1

Positive Technologies
added 2019/09/16 12:00 a.m. | 2 views

PT-2019-16927 · Ibm · Ibm Sterling File Gateway

Name of the Vulnerable Software and Affected Versions: IBM Sterling File Gateway versions 2.2.0.0 through 6.0.1.0 Description: The issue allows a remote attacker to send specially-crafted SQL statements, potentially enabling them to view, add, modify, or delete information in the back-end databas...

CVSS 7.2 | AI score 5.2 | EPSS 0.01265
Exploits 0 | References 3