Filtered by vendor Ibm
Subscribe
Total
7811 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3007 | 1 Ibm | 1 Connections | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users. | |||||
| CVE-2013-6308 | 1 Ibm | 1 Marketing Platform | 2025-04-12 | 4.9 MEDIUM | N/A |
| IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection. | |||||
| CVE-2016-6027 | 1 Ibm | 1 Sterling Secure Proxy | 2025-04-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP. | |||||
| CVE-2014-8890 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 5.1 MEDIUM | N/A |
| IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations. | |||||
| CVE-2016-5977 | 1 Ibm | 1 Tealeaf Customer Experience | 2025-04-12 | 4.9 MEDIUM | 6.8 MEDIUM |
| Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2014-4837 | 1 Ibm | 1 Tririga Application Platform | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-1942 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | 9.3 HIGH | N/A |
| The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to write to arbitrary files, and subsequently execute these files, via a crafted TCP packet to an unspecified port. | |||||
| CVE-2016-2963 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-1921 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||||
| CVE-2016-0240 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | |||||
| CVE-2014-3106 | 1 Ibm | 1 Rational Clearcase | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature. | |||||
| CVE-2012-3333 | 1 Ibm | 2 Maximo Asset Management, Smartcloud Control Desk | 2025-04-12 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL. | |||||
| CVE-2013-6333 | 1 Ibm | 1 Algo One | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, and CVE-2013-6320. | |||||
| CVE-2015-1980 | 1 Ibm | 1 Infosphere Master Data Management | 2025-04-12 | 3.5 LOW | N/A |
| IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2014-0877 | 1 Ibm | 1 Cognos Tm1 | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link. | |||||
| CVE-2016-3014 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-5905 | 1 Ibm | 1 Maximo Asset Management | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3073 | 1 Ibm | 4 Security Access Manager For Mobile Appliance, Security Access Manager For Mobile Software, Security Access Manager For Web Appliance and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2016-0328 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors. | |||||
| CVE-2015-4938 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors. | |||||