Ibm: Security Vulnerabilities
IBM License Metric Tool 9.2.0 through 9.2.40
could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-09-29
IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-09-29
IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0
is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-09-27
IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-09-27
IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-09-27
IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-09-26
IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-09-26
IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-09-22
IBM webMethods Integration 10.15 and 11.1
is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-22
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-22