Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-3623

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-27 May, 2026 | 12:45
Updated At-28 May, 2026 | 03:55
Rejected At-
Credits

Vulnerabilities exists in IBM Netezza Performance Server Replication Services

IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successful exploitation also enables modification or removal of system‑wide files and the installation of persistent backdoors. This results in full system compromise with complete loss of confidentiality, integrity, and availability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:27 May, 2026 | 12:45
Updated At:28 May, 2026 | 03:55
Rejected At:
▼CVE Numbering Authority (CNA)
Vulnerabilities exists in IBM Netezza Performance Server Replication Services

IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successful exploitation also enables modification or removal of system‑wide files and the installation of persistent backdoors. This results in full system compromise with complete loss of confidentiality, integrity, and availability.

Affected Products
Vendor
IBM CorporationIBM
Product
Netezza Performance Server Replication Services
CPEs
  • cpe:2.3:a:ibm:netezza_performance_server_replication_services:3.0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:netezza_performance_server_replication_services:3.0.5.0:*:*:*:*:*:*:*
Versions
Affected
  • From 3.0.2.0 through 3.0.5.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-250CWE-250 Execution with Unnecessary Privileges
Type: CWE
CWE ID: CWE-250
Description: CWE-250 Execution with Unnecessary Privileges
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Fixed VersionFix LinkIBM Netezza Performance Server Replication Services 3.0.5.1 Fix Central Link https://www.ibm.com/support/fixcentral/swg/selectFixes

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7272148
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7272148
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:27 May, 2026 | 14:16
Updated At:02 Jun, 2026 | 19:44

IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successful exploitation also enables modification or removal of system‑wide files and the installation of persistent backdoors. This results in full system compromise with complete loss of confidentiality, integrity, and availability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
IBM Corporation
ibm
>>netezza_performance_server_replication_services>>Versions from 3.0.2.0(inclusive) to 3.0.5.1(exclusive)
cpe:2.3:a:ibm:netezza_performance_server_replication_services:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-250Primarypsirt@us.ibm.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-250
Type: Primary
Source: psirt@us.ibm.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7272148psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7272148
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

240Records found
CVE-2025-33120
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.96%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 14:54
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar SIEM privilege escalation

IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_incident_forensicsqradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2026-1346
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.01% / 0.50%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 00:15
Updated-09 Apr, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than required.

Action-Not Available
Vendor-IBM Corporation
Product-verify_identity_access_containerverify_identity_accesssecurity_verify_access_containersecurity_verify_accessVerify Identity AccessSecurity Verify Access ContainerSecurity Verify AccessVerify Identity Access Container
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2023-30997
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.97%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 18:21
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Docker privilege escalation

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managerSecurity Access Manager Docker
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2023-30998
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.97%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 18:18
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Docker privilege escalation

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managerSecurity Access Manager Docker
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-49814
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 00:10
Updated-08 Aug, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access Appliance Privilege Escalation

IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access Appliance
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-49804
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 7.26%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 16:55
Updated-29 Jan, 2025 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access Appliance privilege escalation

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-1411
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.61%
||
7 Day CHG~0.00%
Published-15 Jun, 2025 | 12:34
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Directory Container command execution

IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_directorySecurity Verify Directory
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-35141
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 20.33%
||
7 Day CHG~0.00%
Published-19 Dec, 2024 | 01:10
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access privilege escalation

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_dockerSecurity Verify Access Docker
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-31891
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.93%
||
7 Day CHG~0.00%
Published-14 Dec, 2024 | 13:01
Updated-16 Dec, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Scale privilege escalation

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system.

Action-Not Available
Vendor-IBM Corporation
Product-Storage Scale
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-35142
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.15%
||
7 Day CHG~0.00%
Published-31 May, 2024 | 16:57
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access privilege escalation

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: 292418.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_dockerSecurity Verify Access Docker
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-36186
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.01% / 1.20%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 18:40
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 privilege escalation

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-31890
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.95%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 09:39
Updated-17 Jul, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i privilege escalation

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-33003
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.50%
||
7 Day CHG~0.00%
Published-31 Oct, 2025 | 13:04
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable to privilege escalation

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-36007
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.14%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 18:40
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar SIEM incorrect privilege assignment

IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update script.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-33092
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.69%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 18:36
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux code execution

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-36156
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.01% / 1.24%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 17:36
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Data Replication VSAM for z/OS Remote Source code execution

IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and execute arbitrary code on the system.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_data_replication_vsam_for_z\/os_remote_sourceInfoSphere Data Replication VSAM for z/OS Remote Source
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-39049
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.75%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 18:35
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439.

Action-Not Available
Vendor-IBM Corporation
Product-i2_analysts_notebooki2 Analyst's Notebook
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38991
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 24.09%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 16:25
Updated-16 Sep, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosVIOSAIX
CVE-2021-39088
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.05% / 15.57%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 22:15
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation if this could be combined with other unknown vulnerabilities then privilege escalation could be performed. IBM X-Force ID: 216111.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CVE-2021-38990
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.10% / 27.97%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 17:55
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosVIOSAIX
CVE-2023-45174
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.03% / 10.12%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 23:04
Updated-02 Aug, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM AIX privilege escalation

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosAIX
CVE-2023-30989
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.02% / 7.27%
||
7 Day CHG~0.00%
Published-16 Jul, 2023 | 22:40
Updated-30 Oct, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i privilege escalation

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-31005
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 8.45%
||
7 Day CHG~0.00%
Published-03 Feb, 2024 | 00:17
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Container privilege escalation

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_dockersecurity_verify_accessSecurity Verify Access ApplianceSecurity Verify Access Docker
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-31003
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.03% / 9.42%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 02:22
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Container privilege escalation

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_dockersecurity_verify_accessSecurity Verify Access ApplianceSecurity Verify Access Docker
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-30988
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.02% / 7.27%
||
7 Day CHG~0.00%
Published-16 Jul, 2023 | 22:37
Updated-30 Oct, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i privilege escalation

The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-30431
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.04% / 11.11%
||
7 Day CHG~0.00%
Published-09 Jul, 2023 | 23:58
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 buffer overflow

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-28956
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.03% / 8.86%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 01:00
Updated-09 Dec, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Protect Backup-Archive Client privilege escalation

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsspectrum_protect_backup-archive_clientSpectrum Protect Backup-Archive Clientspectrum_protect
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-6389
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.01% / 2.01%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 21:17
Updated-05 May, 2026 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise.

Action-Not Available
Vendor-IBM Corporation
Product-turbonomic_prometurbo_agentTurbonomic prometurbo agent
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-29740
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.07% / 22.45%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 14:05
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2018-1796
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 18:50
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.

Action-Not Available
Vendor-IBM Corporation
Product-informix_dynamic_serverInformix Dynamic Server Enterprise Edition
CVE-2023-28528
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-1.71% / 82.80%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 02:06
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM AIX command execution

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.

Action-Not Available
Vendor-IBM Corporation
Product-viosaixAIX
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-28958
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7||HIGH
EPSS-0.12% / 31.00%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 01:06
Updated-12 Nov, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson Knowledge Catalog CSV injection

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782.

Action-Not Available
Vendor-IBM Corporation
Product-watson_knowledge_catalog_on_cloud_pak_for_dataWatson Knowledge Catalog on Cloud Pak for Data
CWE ID-CWE-1236
Improper Neutralization of Formula Elements in a CSV File
CVE-2018-1987
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 12.71%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 14:10
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280.

Action-Not Available
Vendor-IBM Corporation
Product-data_protectionSpectrum Protect for Enterprise Resource Planning
CWE ID-CWE-287
Improper Authentication
CVE-2021-20389
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 9.56%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 13:55
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-27285
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.03% / 8.37%
||
7 Day CHG~0.00%
Published-04 Jun, 2023 | 23:52
Updated-08 Jan, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera buffer overflow

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_cargoaspera_connectAspera ConnectAspera Cargo
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-26278
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.2||HIGH
EPSS-0.05% / 15.57%
||
7 Day CHG-0.08%
Published-31 May, 2023 | 19:05
Updated-09 Jan, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar WinCollect Agent privilege escalation

IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local authenticated attacker to gain elevated privileges on the system. IBM X-Force ID: 248158.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_wincollectQRadar WinCollect Agent
CVE-2023-26286
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 24.48%
||
7 Day CHG~0.00%
Published-26 Apr, 2023 | 11:50
Updated-02 Aug, 2024 | 11:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM AIX privilege escalation

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosAIX
CVE-2025-36384
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.04%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:27
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Privilege Escalation

IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-26277
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.33%
||
7 Day CHG-0.06%
Published-31 May, 2023 | 18:57
Updated-09 Jan, 2025 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar WinCollect Agent privilege escalation

IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges. IBM X-Force ID: 248156.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_wincollectQRadar WinCollect Agent
CVE-2023-26279
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.01% / 2.71%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 23:39
Updated-02 Aug, 2024 | 11:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar WinCollect Agent improper output encoding

IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_wincollectQRadar WinCollect Agent
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2020-4932
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 8.66%
||
7 Day CHG~0.00%
Published-05 May, 2021 | 15:45
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 191748.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-20532
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.02% / 6.70%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:30
Updated-16 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-spectrum_protect_backup-archive_clientwindowsspectrum_protect_for_virtual_environmentsSpectrum Protect for Virtual Environments
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2018-1386
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.03% / 7.81%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 00:00
Updated-16 Sep, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_workload_schedulerWorkload Scheduler
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-22593
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.03% / 8.67%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 18:00
Updated-06 Nov, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation for Cloud Pak security configuration

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftrobotic_process_automationRobotic Process Automation for Cloud Pak
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-22592
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.08% / 23.46%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 18:33
Updated-03 Apr, 2025 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation for Cloud Pak insufficient permission settings

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.

Action-Not Available
Vendor-IBM CorporationRed Hat, Inc.
Product-openshiftrobotic_process_automation_for_cloud_pakRobotic Process Automation for Cloud Pak
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2003-0578
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.39%
||
7 Day CHG~0.00%
Published-17 Jul, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.

Action-Not Available
Vendor-n/aIBM Corporation
Product-u2_universen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-1950
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.05% / 17.39%
||
7 Day CHG+0.02%
Published-22 Apr, 2025 | 14:46
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Hardware Management Console - Power Systems command execution

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.

Action-Not Available
Vendor-IBM Corporation
Product-hardware_management_consoleHardware Management Console - Power Systems
CWE ID-CWE-114
Process Control
CVE-2025-1994
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.09%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 16:49
Updated-02 Sep, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Command Center code execution

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_command_centerCognos Command Center
CWE ID-CWE-242
Use of Inherently Dangerous Function
CVE-2024-51459
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.02% / 7.28%
||
7 Day CHG~0.00%
Published-19 Mar, 2025 | 18:08
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Server Information command execution

IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixinfosphere_information_serverwindowslinux_kernelInfoSphere Information Server
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-1999-0022
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.93%
||
7 Day CHG+0.06%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Action-Not Available
Vendor-bsdin/absdiHP Inc.IBM CorporationSilicon Graphics, Inc.FreeBSD FoundationSun Microsystems (Oracle Corporation)
Product-sunosirixsolarisbsd_osfreebsdhp-uxaixn/afreebsdbsd_ossolarissunoshp-uxaixirix
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found