Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-05-05 CVE-2025-0915 Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 11.5
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources.
network
low complexity
ibm CWE-770
6.5
2025-05-05 CVE-2025-1000 Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 11.5
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.
network
low complexity
ibm CWE-770
6.5
2025-04-29 CVE-2025-1551 Cross-site Scripting vulnerability in IBM Operational Decision Manager
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2025-03-12 CVE-2024-52362 Improper Validation of Syntactic Correctness of Input vulnerability in IBM products
IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input.
network
low complexity
ibm CWE-1286
6.5
2025-03-07 CVE-2023-35894 Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in IBM Sterling Control Center 6.2.1/6.3.1
IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input in the HOST headers.
network
low complexity
ibm CWE-644
6.1
2025-03-03 CVE-2024-43169 Download of Code Without Integrity Check vulnerability in IBM Engineering Requirements Management Doors Next 7.0.2/7.0.3/7.1
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.
network
low complexity
ibm CWE-494
6.5
2025-02-20 CVE-2024-49337 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Openpages With Watson 9.0
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications.
network
low complexity
ibm CWE-80
5.4
2025-02-20 CVE-2024-49344 Session Fixation vulnerability in IBM Openpages With Watson 9.0
In IBM OpenPages with Watson 8.3 and 9.0 with the Watson Assistant chat feature enabled, the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.
network
low complexity
ibm CWE-384
4.3
2025-02-20 CVE-2024-43196 Improper Following of a Certificate's Chain of Trust vulnerability in IBM Openpages With Watson 9.0
The IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application, allowing the user to spoof other users' responses.
network
low complexity
ibm CWE-296
4.3
2025-02-20 CVE-2024-49355 Improper Output Neutralization for Logs vulnerability in IBM Openpages With Watson 9.0
IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when tracing is enabled through the System Tracing feature.
network
low complexity
ibm CWE-117
6.5