
CVE-2025-36000 – IBM WebSphere Application Server Liberty cross-site scripting
https://notcve.org/view.php?id=CVE-2025-36000
12 Aug 2025 — IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7242026 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-36124 – IBM WebSphere Application Server Liberty bypass security
https://notcve.org/view.php?id=CVE-2025-36124
12 Aug 2025 — IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions due to a failure to honor JMS messaging configuration. • https://www.ibm.com/support/pages/node/7242027 • CWE-268: Privilege Chaining •

CVE-2025-36023 – IBM Cloud Pak for Business Automation security bypass
https://notcve.org/view.php?id=CVE-2025-36023
08 Aug 2025 — IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key. • https://www.ibm.com/support/pages/node/7241570 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVE-2025-36119 – IBM i authentication bypass
https://notcve.org/view.php?id=CVE-2025-36119
08 Aug 2025 — IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator. • https://www.ibm.com/support/pages/node/7241008 • CWE-290: Authentication Bypass by Spoofing •

CVE-2024-56339 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2024-56339
07 Aug 2025 — IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions due to a failure to honor security configuration. • https://www.ibm.com/support/pages/node/7239955 • CWE-650: Trusting HTTP Permission Methods on the Server Side •

CVE-2025-36020 – IBM Guardium Data Protection information disclosure
https://notcve.org/view.php?id=CVE-2025-36020
06 Aug 2025 — IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information. • https://www.ibm.com/support/pages/node/7241547 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2025-3354 – IBM Tivoli Monitoring code execution
https://notcve.org/view.php?id=CVE-2025-3354
06 Aug 2025 — IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. • https://www.ibm.com/support/pages/node/7241472 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-3320 – IBM Tivoli Monitoring code execution
https://notcve.org/view.php?id=CVE-2025-3320
06 Aug 2025 — IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. • https://www.ibm.com/support/pages/node/7241472 • CWE-122: Heap-based Buffer Overflow •

CVE-2024-52890 – IBM Engineering Lifecycle Optimization - Publishing cross-site scripting
https://notcve.org/view.php?id=CVE-2024-52890
05 Aug 2025 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs. • https://www.ibm.com/support/pages/node/7241392 • CWE-84: Improper Neutralization of Encoded URI Schemes in a Web Page •

CVE-2025-2824 – IBM Operational Decision Manager HTTP open redirect
https://notcve.org/view.php?id=CVE-2025-2824
01 Aug 2025 — IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. • https://www.ibm.com/support/pages/node/7241286 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •