Vulnerabilities (CVE)

Filtered by vendor Ibm
Total 7381 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-8900 1 Ibm 1 Urbancode Deploy 2025-04-20 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier.
CVE-2017-1223 1 Ibm 1 Bigfix Platform 2025-04-20 5.8 MEDIUM 6.1 MEDIUM
IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902.
CVE-2017-1504 1 Ibm 1 Websphere Application Server 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579.
CVE-2017-1170 1 Ibm 1 Websphere Commerce 2025-04-20 4.6 MEDIUM 5.3 MEDIUM
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.
CVE-2016-5880 1 Ibm 2 Domino, Inotes 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-0270 1 Ibm 3 Client Application Access, Domino, Notes 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
CVE-2016-5919 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 3 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.
CVE-2017-1327 1 Ibm 1 Inotes 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062.
CVE-2017-1240 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.
CVE-2017-1494 1 Ibm 1 Business Process Manager 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692.
CVE-2016-5941 1 Ibm 1 Kenexa Lms 2025-04-20 3.5 LOW 5.7 MEDIUM
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
CVE-2016-6080 1 Ibm 1 Websphere Message Broker 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.
CVE-2017-1369 1 Ibm 1 Rational Engineering Lifecycle Manager 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126862.
CVE-2017-1378 1 Ibm 1 Tivoli Storage Manager 2025-04-20 2.1 LOW 7.8 HIGH
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to VMware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.
CVE-2016-5888 1 Ibm 1 Interact 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 115084.
CVE-2017-1247 1 Ibm 2 Rational Doors Next Generation, Rational Requirements Composer 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124627.
CVE-2017-1225 1 Ibm 1 Bigfix Platform 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123904.
CVE-2016-6045 1 Ibm 1 Tivoli Storage Manager 2025-04-20 6.8 MEDIUM 8.8 HIGH
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2017-1536 1 Ibm 1 Websphere Portal 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733.
CVE-2016-9972 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208.