IBM 漏洞與 CVE 列表(8,250)

產品(CPE): — CVE 數: 8,250

IBM 漏洞概覽

彙總 IBM 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

歷史漏洞主要涉及 路徑處理缺陷與輸入驗證問題 等問題,部分漏洞可能導致 記憶體損壞,並影響 伺服器部署與系統元件 相關場景。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 1208250 CVE 數
«« 第一頁 « 上一頁 第 1 / 413 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-9074 IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality. [email protected] 9.1 0.44% 2026-07-08 2026-07-10
CVE-2026-3144 IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update. [email protected] 8.1 0.37% 2026-07-08 2026-07-10
CVE-2026-11541 IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability. [email protected] 7.4 0.42% 2026-06-30 2026-07-02
CVE-2026-11594 IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console. [email protected] 8.5 0.28% 2026-06-30 2026-07-02
CVE-2025-36359 IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system. [email protected] 8.1 0.20% 2026-06-30 2026-07-06
CVE-2025-36336 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. [email protected] 5.9 0.20% 2026-06-30 2026-07-06
CVE-2025-36333 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow. [email protected] 4.3 0.28% 2026-06-30 2026-07-06
CVE-2025-36328 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system. [email protected] 4.3 0.36% 2026-06-30 2026-07-06
CVE-2025-36327 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security. [email protected] 6.5 0.38% 2026-06-30 2026-07-06
CVE-2025-36324 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. [email protected] 4.3 0.27% 2026-06-30 2026-07-06
CVE-2025-36323 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [email protected] 5.4 0.23% 2026-06-30 2026-07-06
CVE-2025-36321 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. [email protected] 5.7 0.40% 2026-06-30 2026-07-06
CVE-2025-36320 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [email protected] 6.4 0.25% 2026-06-30 2026-07-06
CVE-2025-36319 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling. [email protected] 4.3 0.42% 2026-06-30 2026-07-06
CVE-2025-12530 IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. [email protected] 5.9 0.20% 2026-06-30 2026-07-06
CVE-2026-9836 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. [email protected] 3.5 0.15% 2026-06-30 2026-07-02
CVE-2026-9002 IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM. [email protected] 6.5 0.27% 2026-06-30 2026-07-02
CVE-2026-3602 IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of. [email protected] 4.7 0.16% 2026-06-30 2026-07-02
CVE-2026-13773 IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound IIOP SSRF to an attacker-chosen host; when chained with the IBM ORB's getUserException class-instantiation flaw (WAS-26), this SSRF escalates to remote code execution on the calling JVM. [email protected] 6.0 3.42% 2026-06-30 2026-07-02
CVE-2026-13772 IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remote attacker who can influence an application-built OQL query string can execute arbitrary constructors on the WAS JVM, and a SELECT DISTINCT variant using planted grid values fires the same gadget po [email protected] 7.5 0.27% 2026-06-30 2026-07-03
«« 第一頁 « 上一頁 第 1 / 413 頁 下一頁 »
cvelogic Threat Intelligence