Filtered by vendor Ibm
Subscribe
Total
7404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6356 | 1 Ibm | 3 Maximo Asset Management, Maximo Asset Management Essentials, Smartcloud Control Desk | 2025-04-11 | 6.5 MEDIUM | N/A |
| IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation. | |||||
| CVE-2011-4816 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-4817 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2025-04-11 | 4.0 MEDIUM | N/A |
| The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account. | |||||
| CVE-2013-0464 | 1 Ibm | 2 Eclipse Help System, Spss Data Collection | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2013-2977 | 3 Ibm, Linux, Microsoft | 3 Lotus Notes, Linux Kernel, Windows | 2025-04-11 | 6.8 MEDIUM | N/A |
| Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q. | |||||
| CVE-2010-2087 | 3 Caucho, Ibm, Oracle | 3 Resin, Websphere Application Server, Mojarra | 2025-04-11 | 4.3 MEDIUM | N/A |
| Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. | |||||
| CVE-2011-1224 | 1 Ibm | 1 Websphere Mq | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application. | |||||
| CVE-2010-0462 | 1 Ibm | 1 Db2 | 2025-04-11 | 6.5 MEDIUM | N/A |
| Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function. | |||||
| CVE-2010-0557 | 1 Ibm | 1 Cognos Express | 2025-04-11 | 7.5 HIGH | N/A |
| IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. | |||||
| CVE-2013-0600 | 1 Ibm | 2 Websphere Datapower Xc10 Appliance, Websphere Datapower Xc10 Appliance Firmware | 2025-04-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors. | |||||
| CVE-2014-0854 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | 5.0 MEDIUM | N/A |
| The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2012-2194 | 1 Ibm | 1 Db2 | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors. | |||||
| CVE-2010-3194 | 1 Ibm | 1 Db2 | 2025-04-11 | 7.5 HIGH | N/A |
| The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner. | |||||
| CVE-2010-3474 | 1 Ibm | 1 Db2 | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471. | |||||
| CVE-2010-0927 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920. | |||||
| CVE-2013-0593 | 1 Ibm | 1 Spss Samplepower | 2025-04-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS SamplePower 3.0 before 3.0-IM-S3SAMPC-WIN32-FP001 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2008-7299 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field. | |||||
| CVE-2012-3328 | 1 Ibm | 5 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 2 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer. | |||||
| CVE-2012-0203 | 1 Ibm | 2 Infosphere Information Server, Infosphere Metadata Workbench | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1386 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature. | |||||