Aggregates CVE and security vulnerability intelligence across all IBM-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and vendor risk csrf and related problems; some flaws may lead to vendor impact memory corruption, affecting vendor surface server deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-9330 | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain. | [email protected] | 8.5 | 0.28% | 2026-06-01 | 2026-06-04 |
| CVE-2026-9319 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. | [email protected] | 9.0 | 0.29% | 2026-06-01 | 2026-06-04 |
| CVE-2026-9311 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. | [email protected] | 9.0 | 0.26% | 2026-06-01 | 2026-06-04 |
| CVE-2026-8644 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. | [email protected] | 9.1 | 0.05% | 2026-06-01 | 2026-06-04 |
| CVE-2026-1248 | IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages. | [email protected] | 4.3 | 0.03% | 2026-05-27 | 2026-05-28 |
| CVE-2026-9035 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to. | [email protected] | 6.5 | 0.04% | 2026-05-27 | 2026-06-05 |
| CVE-2026-8405 | IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode. | [email protected] | 6.5 | 0.03% | 2026-05-27 | 2026-06-03 |
| CVE-2026-8180 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause the asperahttpd service to crash. | [email protected] | 7.5 | 0.06% | 2026-05-27 | 2026-06-05 |
| CVE-2026-8179 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could allow an authenticated user to execute arbitrary code on the system. | [email protected] | 8.8 | 0.06% | 2026-05-27 | 2026-06-05 |
| CVE-2026-8175 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to cause a denial of service and potentially lead to authentication bypass or remote code execution. | [email protected] | 9.8 | 0.46% | 2026-05-27 | 2026-06-05 |
| CVE-2026-7876 | IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 | [email protected] | 9.1 | 0.02% | 2026-05-27 | 2026-05-29 |
| CVE-2026-7365 | IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication. | [email protected] | 8.4 | 0.02% | 2026-05-27 | 2026-06-02 |
| CVE-2026-7254 | IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users. | [email protected] | 5.3 | 0.05% | 2026-05-27 | 2026-06-02 |
| CVE-2026-6938 | IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query. | [email protected] | 6.5 | 0.02% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6936 | IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of statements. | [email protected] | 6.5 | 0.04% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6053 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. | [email protected] | 5.5 | 0.01% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6052 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables. | [email protected] | 6.5 | 0.04% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6051 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. | [email protected] | 5.5 | 0.01% | 2026-05-27 | 2026-05-28 |
| CVE-2026-5516 | IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window. | [email protected] | 4.4 | 0.04% | 2026-05-27 | 2026-06-02 |
| CVE-2026-5515 | IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user. | [email protected] | 5.5 | 0.01% | 2026-05-27 | 2026-06-02 |