IBM 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に バッファオーバーフロー and vendor risk csrf などに関し、一部は vendor impact memory corruption を招き、vendor surface server deployment and vendor surface system components 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-9330 | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain. | [email protected] | 8.5 | 0.28% | 2026-06-01 | 2026-06-04 |
| CVE-2026-9319 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. | [email protected] | 9.0 | 0.29% | 2026-06-01 | 2026-06-04 |
| CVE-2026-9311 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. | [email protected] | 9.0 | 0.26% | 2026-06-01 | 2026-06-04 |
| CVE-2026-8644 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. | [email protected] | 9.1 | 0.05% | 2026-06-01 | 2026-06-04 |
| CVE-2026-1248 | IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages. | [email protected] | 4.3 | 0.03% | 2026-05-27 | 2026-05-28 |
| CVE-2026-9035 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to. | [email protected] | 6.5 | 0.04% | 2026-05-27 | 2026-06-05 |
| CVE-2026-8405 | IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode. | [email protected] | 6.5 | 0.03% | 2026-05-27 | 2026-06-03 |
| CVE-2026-8180 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause the asperahttpd service to crash. | [email protected] | 7.5 | 0.06% | 2026-05-27 | 2026-06-05 |
| CVE-2026-8179 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could allow an authenticated user to execute arbitrary code on the system. | [email protected] | 8.8 | 0.06% | 2026-05-27 | 2026-06-05 |
| CVE-2026-8175 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to cause a denial of service and potentially lead to authentication bypass or remote code execution. | [email protected] | 9.8 | 0.46% | 2026-05-27 | 2026-06-05 |
| CVE-2026-7876 | IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not in place. | [email protected] | 9.1 | 0.02% | 2026-05-27 | 2026-06-11 |
| CVE-2026-7365 | IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication. | [email protected] | 8.4 | 0.02% | 2026-05-27 | 2026-06-02 |
| CVE-2026-7254 | IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users. | [email protected] | 5.3 | 0.05% | 2026-05-27 | 2026-06-02 |
| CVE-2026-6938 | IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query. | [email protected] | 6.5 | 0.02% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6936 | IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of statements. | [email protected] | 6.5 | 0.04% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6053 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. | [email protected] | 5.5 | 0.01% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6052 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables. | [email protected] | 6.5 | 0.04% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6051 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. | [email protected] | 5.5 | 0.01% | 2026-05-27 | 2026-05-28 |
| CVE-2026-5516 | IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window. | [email protected] | 4.4 | 0.04% | 2026-05-27 | 2026-06-02 |
| CVE-2026-5515 | IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user. | [email protected] | 5.5 | 0.01% | 2026-05-27 | 2026-06-02 |