Filtered by vendor Ibm
Subscribe
Total
7819 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0903 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.5 HIGH | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application. | |||||
| CVE-2008-5411 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2009-2093 | 1 Ibm | 1 Websphere Partner Gateway | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-1520 | 1 Ibm | 2 Tivoli Storage Manager Client, Tivoli Storage Manager Express | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors. | |||||
| CVE-2008-0834 | 1 Ibm | 1 Lotus Quickr | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-0949 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet. | |||||
| CVE-2009-2089 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 2.1 LOW | N/A |
| The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file. | |||||
| CVE-2008-4809 | 1 Ibm | 1 Lotus Connections | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5324 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.5 HIGH | N/A |
| The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374. | |||||
| CVE-2008-4294 | 1 Ibm | 1 Tivoli Netcool Webtop | 2025-04-09 | 7.2 HIGH | N/A |
| IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun. | |||||
| CVE-2007-4355 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2008-1705 | 1 Ibm | 1 Soliddb | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields. | |||||
| CVE-2009-0503 | 1 Ibm | 1 Websphere Message Broker | 2025-04-09 | 2.1 LOW | N/A |
| IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs. | |||||
| CVE-2009-4152 | 1 Ibm | 1 Websphere Portal | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag. | |||||
| CVE-2006-6136 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors. | |||||
| CVE-2008-0354 | 1 Ibm | 1 Lotus Sametime | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim. | |||||
| CVE-2009-1178 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line." | |||||
| CVE-2007-6050 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 Universal Database, Linux Kernel, Windows and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory." | |||||
| CVE-2008-1600 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329. | |||||
| CVE-2008-5324 | 1 Ibm | 1 Rational Clearquest | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||