Filtered by vendor Ibm
Subscribe
Total
7797 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5889 | 1 Ibm | 1 Interact | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 115085. | |||||
| CVE-2017-1152 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293. | |||||
| CVE-2016-2980 | 1 Ibm | 1 Sametime | 2025-04-20 | 6.8 MEDIUM | 6.3 MEDIUM |
| The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993. | |||||
| CVE-2016-8986 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648. | |||||
| CVE-2016-0206 | 1 Ibm | 1 Cloud Orchestrator | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. | |||||
| CVE-2017-1141 | 1 Ibm | 1 Insights Foundation For Energy | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907. | |||||
| CVE-2016-9694 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960. | |||||
| CVE-2016-5979 | 1 Ibm | 1 Distributed Marketing | 2025-04-20 | 4.0 MEDIUM | 2.7 LOW |
| IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the new instance not accessible for the intended user. IBM X-Force ID: 116379. | |||||
| CVE-2017-1569 | 1 Ibm | 1 Websphere Commerce | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779. | |||||
| CVE-2017-1497 | 1 Ibm | 1 Sterling File Gateway | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695. | |||||
| CVE-2016-9008 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. | |||||
| CVE-2015-7493 | 1 Ibm | 1 Infosphere Information Server | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
| IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. | |||||
| CVE-2017-1098 | 1 Ibm | 1 Emptoris Supplier Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658. | |||||
| CVE-2017-1551 | 1 Ibm | 1 Api Connect | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291. | |||||
| CVE-2016-8232 | 1 Ibm | 3 Advanced Management Module, Advanced Management Module Firmware, Bladecenter | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information. | |||||
| CVE-2017-1333 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241. | |||||
| CVE-2017-1382 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | 3.6 LOW | 7.1 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153. | |||||
| CVE-2015-0114 | 1 Ibm | 1 I Access For Windows | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1. | |||||
| CVE-2014-4843 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL. | |||||
| CVE-2016-3017 | 1 Ibm | 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. | |||||