Filtered by vendor Ibm
Subscribe
Total
7378 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1218 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858. | |||||
| CVE-2017-1254 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634. | |||||
| CVE-2016-9978 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. | |||||
| CVE-2017-1156 | 1 Ibm | 1 Websphere Portal | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592 | |||||
| CVE-2017-1555 | 1 Ibm | 1 Api Connect | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. | |||||
| CVE-2016-8963 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. | |||||
| CVE-2017-1271 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 124746. | |||||
| CVE-2016-5899 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-3015 | 1 Ibm | 1 Cognos Analytics | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887. | |||||
| CVE-2017-1428 | 1 Ibm | 1 Cognos Analytics | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583. | |||||
| CVE-2016-9723 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534. | |||||
| CVE-2016-0218 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2016-2978 | 1 Ibm | 1 Sametime | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. IBM X-Force ID: 113938. | |||||
| CVE-2017-1374 | 1 Ibm | 1 Tririga Application Platform | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867. | |||||
| CVE-2017-1164 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036. | |||||
| CVE-2017-1453 | 1 Ibm | 1 Security Access Manager 9.0 Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372. | |||||
| CVE-2016-5893 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336. | |||||
| CVE-2016-6103 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2017-1407 | 1 Ibm | 3 Security Identity Governance And Intelligence, Security Identity Manager, Security Privileged Identity Manager | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394. | |||||
| CVE-2017-1757 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. | |||||