85301 matches found
IBM BigFix Platform - Information Disclosure
IBM BigFix Platform 9.2 and 9.5 contains an information disclosure vulnerability caused by not enabling authenticated access in relay, letting remote attackers query and gather update and fixlet information, exploit requires no authentication. id: CVE-2019-4061 info: name: IBM BigFix Platform -...
IBM Operational Decision Manager - Java Deserialization
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to...
Joomla! Component Love Factory 1.3.4 - Local File Inclusion
A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...
Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView
Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA...
Security Bulletin: Vulnerability in undici bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the undici library, which is affected by a denial of service vulnerability. CVE-2026-22036 Vulnerability Details CVEID:CVE-2026-22036 DESCRIPTION: Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0,...
Security Bulletin: IBM DataStage Flow Designer application is affected by an information disclosure vulnerability (CVE-2026-9836)
Summary An information disclosure vulnerability was addressed in IBM DataStage Flow Designer . Vulnerability Details CVEID:CVE-2026-9836 DESCRIPTION: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. CWE:CWE-200: Exposure of...
IBM Operational Decision Manager - JNDI Injection
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. id: CVE-2024-22319 info: name: IBM Operational Decision Manager -...
IBM Maximo Asset Management Information Disclosure - XML External Entity Injection
IBM Maximo Asset Management is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. id: CVE-2020-4463 info: name: IBM Maximo Asset Management Information...
IBM Planning Analytics - Authentication Bypass & Remote Code Execution Version Detection
IBM Planning Analytics versions 2.0.0 through 2.0.8 are vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. id: CVE-2019-4716 info: name: IBM Planning Analytics - Authentication Bypass & Remote...
Security Bulletin: IBM Storage Scale System: Vulnerability in Linux kernel crypto subsystem could allow local privilege escalation (CVE-2026-31431)
Summary IBM Storage Scale Systems is affected by a security vulnerability identified in the Linux kernel's cryptographic interface CVE-2026-31431 that could allow a local user with low privileges to escalate to root privileges. The vulnerability has a CVSS score of 7.8 High and requires local...
Security Bulletin: Due to use of Golang Go, multiple vulnerabilities affect IBM Cloud Pak System
Summary Due to use of Golang Go multiple vulnerabilities affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2026-39827 DESCRIPTION: An authenticated SSH client that repeatedly opened channels which were rejected by the server...
CVE-2026-9074
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...
Security Bulletin: Multiple Vulnerabilities identified in IBM Cloud Pak System
Summary Vulnerabilities identified in Cloud Pak System. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-38716 DESCRIPTION: IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the...
CVE-2026-9074 IBM API Connect SQL Injection
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...
CVE-2026-9074
IBM API Connect is affected by an unauthenticated SQL injection in the password reset flow for versions 10.0.8.0–10.0.8.9 and 12.1.0.0–12.1.0.3. The issue is a server-side SQL injection vulnerability that can be exploited without authentication, with network access required and no user interactio...
EUVD-2026-42307
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...
CVE-2026-3144 IBM API Connect Default Credentials
IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update...
EUVD-2026-42304
IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update...
Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by a Denial of Service vulnerability due to pyasn1
Summary pyasn1 is used by IBM Cloud Pak for Data System 1.0 as a generic ASN.1 encoding and decoding library for Python applications. CVE-2026-30922 affects pyasn1's ASN.1 decoder, where processing of crafted payloads containing deeply nested SEQUENCE or SET tags with indefinite length markers...
Security Bulletin: Denial of Service Vulnerability in jackson-core affect IBM Cloud Pak System[WS-2022-0468]
Summary Denial of Service Vulnerability in jackson-core was addressed in IBM Cloud Pak System version 2.3.6.0 and IBM Cloud Pak System version 2.3.5.1 BYOH on power. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The...