IBM Program Statistics



47 total issues disclosed

$0 total paid publicly

Most disclosed (6 disclosures) — SQL Injection



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| IBM Aspera HTTP Gateway stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user. | Information Disclosure | jhon1231248e | High | 2026-04-27 |
| Potential Subdomain Takeover on IBM.com domain. | Improper Access Control - Generic | bugmithalchemist | High | 2026-03-24 |
| SQL Injection vulnerability found on ibm.com endpoint | SQL Injection | cr3ckerxploit | Critical | 2026-03-12 |
| Path Traversal vulnerability identified on IBM endpoint. | None supplied | e1abrador1 | High | 2026-01-12 |
| SQL injection identified on IBM endpoint. | SQL Injection | rakib0x7 | Critical | 2026-01-07 |
| Remote Code Execution identified on IBM endpoint. | None supplied | dara_7979 | Critical | 2025-12-31 |
| [RCE] Remote Code Execution via React Server Components Vulnerability CVE-2025-55182 | Code Injection | kanon4 | Critical | 2025-12-18 |
| Information disclosure identified on IBM endpoint. | Information Disclosure | devire | Medium | 2025-07-08 |
| Path Traversal Vulnerability found on IBM Cloud | Path Traversal | 0xnullbytex0 | Critical | 2025-05-07 |
| Middleware Authentication Bypass on IBM Portal | Command Injection - Generic | muhammadwaseem3 | Critical | 2025-05-02 |
| Information disclosure on IBM training service endpoint | Insecure Direct Object Reference (IDOR) | thpless | No rating | 2025-04-29 |
| Weak credentials found in Jenkins endpoint | None supplied | roswell-47 | Critical | 2025-02-05 |
| There is a POST based CSRF issue over IBM endpoint leading to modification of contact information. | Cross-Site Request Forgery (CSRF) | youssifs7 | Medium | 2025-02-04 |
| POST based Cross-Site Scripting on IBM research endpoint | Cross-site Scripting (XSS) - Reflected | youssifs7 | Medium | 2025-01-23 |
| Exposed Logs and Bearer Tokens on Test Endpoint | Information Disclosure | facades | No rating | 2024-12-12 |
| SSRF via host header let access localhost via https://go.dialexa.com | None supplied | mersa-v6 | Medium | 2024-10-03 |
| IBM OpenPages vulnerable to exposure of sensitive information | Improper Authentication - Generic | 0xhassan | Medium | 2024-10-01 |
| SSRF and secret key disclosure found on Turbonomic endpoint | Server-Side Request Forgery (SSRF) | mersa-v6 | High | 2024-09-19 |
| SSRF and secret key disclosure found on Turbonomic endpoint | Server-Side Request Forgery (SSRF) | mersa-v6 | High | 2024-09-19 |
| jazz.net - publicly accessible .svn repositories | LLM06: Sensitive Information Disclosure | cyber_punk | No rating | 2024-08-16 |
| XSS in IBM InfoCenter | Cross-site Scripting (XSS) - DOM | aviv_keller | Medium | 2024-07-17 |
| S3 Bucket Takeover on apptio endpoint | Improper Access Control - Generic | samurai_jack0 | Medium | 2024-06-21 |
| XSS in Aspera documentation website | Cross-site Scripting (XSS) - DOM | aviv_keller | Medium | 2024-05-06 |
| Insecure Direct Object Reference Protection bypass by changing HTTP method in IBM Your Learning endpoint. | Insecure Direct Object Reference (IDOR) | suryahss | Critical | 2024-05-01 |
| RXSS in hidden parameter | Cross-site Scripting (XSS) - Reflected | buggedout | Medium | 2024-04-23 |
| XSS Reflected on jazz.net | Cross-site Scripting (XSS) - Reflected | nightm4re | Medium | 2024-02-29 |
| Improper Authentication on Alertmanager instance | Improper Authentication - Generic | nhx1 | Medium | 2024-02-29 |
| Jenkins server access due to weak password | Improper Authentication - Generic | bugoverflow | High | 2024-02-29 |
| IBM Maximo Asset Management could allow a remote attacker to bypass authentication due to improper access controls | Improper Access Control - Generic | ibrahimsyam1 | Medium | 2024-02-06 |
| Unauthenticated Remote Access to Testing Endpoint | Improper Access Control - Generic | sajidraza | Critical | 2023-12-04 |
| IDOR in upload videos of a Channel on https://video.ibm.com | Insecure Direct Object Reference (IDOR) | tusnj | Critical | 2023-08-31 |
| Nginx Alias Traversal - babel.bluetab.net | Path Traversal | dk4trin | High | 2023-08-11 |
| IDOR in channel ID leads to customer email disclosure on https://video.ibm.com | Information Disclosure | tusnj | High | 2023-08-11 |
| response manipulation leads to bypass in register at employee website than 0 click account takeover | Improper Authentication - Generic | ro0od | Critical | 2023-06-21 |
| Moodle XSS on s-immerscio.comprehend.ibm.com | Cross-site Scripting (XSS) - Reflected | 0xpugal | Medium | 2023-05-11 |
| Subdomain Takeover Affecting at vex.weather.com | Improper Authentication - Generic | gdattacker | Critical | 2023-05-10 |
| Cleartext storage of sensitive information at https://staging.status.ai-apps-comms.ibm.com/env can lead to account takeover of several IBM employees | Cleartext Storage of Sensitive Information | zere | Critical | 2022-09-09 |
| Insecure Object Permissions for Guest User leads to access to internal documents! | Improper Authentication - Generic | mocr7 | Critical | 2022-07-15 |
| sql injection via https://setup.p2p.ihost.com/ | SQL Injection | exploitmsf | Critical | 2022-06-17 |
| SQL injection in URL path processing on www.ibm.com | SQL Injection | asterite | Critical | 2022-05-06 |
| CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability - https://esccvc.de.ibm.com | Path Traversal | 0xelkomy | High | 2022-03-11 |
| Public Jenkins instance with /script enabled | Improper Access Control - Generic | thesanjok | Critical | 2022-03-11 |
| Reflected XSS and Blind out of band command injection at subdomain dstuid-ww.dst.ibm.com | OS Command Injection | vermithor-ke | High | 2022-02-04 |
| SQL Injection and plaintext passwords via User Search | SQL Injection | xyantix | High | 2022-01-14 |
| Remote Code Execution at https://169.38.86.185/ (edst.ibm.com) | Command Injection - Generic | haxor31337 | Critical | 2021-11-04 |
| SQL Injection in IBM access control panel & Broken access in admin panel | SQL Injection | thecyberguy0 | Critical | 2021-10-18 |
| Unauthorized Kubernetes to RCE (root) and found TEAMTNT Crypto Miner on it | None supplied | un_kn0wn | Critical | 2021-10-18 |