CVSS: 8.4EPSS: %CPEs: 1EXPL: 0CVE-2024-45675 – IBM Informix Dynamic Server Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-45675
02 Dec 2025 — IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password. • https://www.ibm.com/support/pages/node/7252704 • CWE-309: Use of Password System for Primary Authentication •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-36134 – IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2025-36134
25 Nov 2025 — IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. • https://www.ibm.com/support/pages/node/7252210 • CWE-1275: Sensitive Cookie with Improper SameSite Attribute •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36150 – IBM Concert Information Disclosure
https://notcve.org/view.php?id=CVE-2025-36150
24 Nov 2025 — IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7252019 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-36112 – IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2025-36112
24 Nov 2025 — IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user. IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user. • https://www.ibm.com/support/pages/node/7252197 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36149 – IBM Concert Software clickjacking
https://notcve.org/view.php?id=CVE-2025-36149
21 Nov 2025 — IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim. • https://www.ibm.com/support/pages/node/7252019 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-36072 – IBM webMethods Integration Deserialization
https://notcve.org/view.php?id=CVE-2025-36072
20 Nov 2025 — IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data. • https://www.ibm.com/support/pages/node/7252090 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36153 – IBM Concert Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2025-36153
20 Nov 2025 — IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7252019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36158 – IBM Concert Information Disclosure
https://notcve.org/view.php?id=CVE-2025-36158
20 Nov 2025 — IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying. • https://www.ibm.com/support/pages/node/7252019 • CWE-674: Uncontrolled Recursion •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36159 – IBM Concert Improper Log Neutralization
https://notcve.org/view.php?id=CVE-2025-36159
20 Nov 2025 — IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output. • https://www.ibm.com/support/pages/node/7252019 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36160 – IBM Concert Information Disclosure
https://notcve.org/view.php?id=CVE-2025-36160
20 Nov 2025 — IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7252019 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •