Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 7797 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0297 1 Ibm 1 Bigfix Platform 2025-04-20 4.3 MEDIUM 3.7 LOW
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.
CVE-2017-1232 1 Ibm 1 Bigfix Platform 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 123911.
CVE-2016-8977 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.
CVE-2016-0214 1 Ibm 1 Bigfix Platform 2025-04-20 6.8 MEDIUM 7.8 HIGH
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file.
CVE-2017-1171 1 Ibm 1 Tririga Application Platform 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083.
CVE-2017-1491 1 Ibm 1 Qradar Network Security 2025-04-20 5.0 MEDIUM 7.5 HIGH
IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 128689.
CVE-2017-1159 1 Ibm 1 Business Process Manager 2025-04-20 4.9 MEDIUM 5.4 MEDIUM
IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891.
CVE-2016-8971 1 Ibm 1 Websphere Mq 2025-04-20 6.8 MEDIUM 6.5 MEDIUM
IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.
CVE-2017-1211 1 Ibm 1 Daeja Viewone 2025-04-20 1.9 LOW 2.5 LOW
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851.
CVE-2017-1301 1 Ibm 1 Tivoli Storage Manager 2025-04-20 3.6 LOW 5.5 MEDIUM
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.
CVE-2016-0320 1 Ibm 1 Urbancode Deploy 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes.
CVE-2017-1169 1 Ibm 1 Rational Collaborative Lifecycle Management 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188.
CVE-2016-2969 1 Ibm 1 Sametime 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850.
CVE-2016-6113 1 Ibm 2 Domino, Inotes 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-9983 1 Ibm 1 Sterling B2b Integrator 2025-04-20 3.5 LOW 5.3 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275.
CVE-2015-0110 1 Ibm 2 Business Process Manager, Websphere Application Server 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
CVE-2016-9696 1 Ibm 1 Rational Rhapsody Design Manager 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960.
CVE-2017-1650 1 Ibm 1 Rational Doors Next Generation 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133260.
CVE-2017-1452 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2025-04-20 7.2 HIGH 7.8 HIGH
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.
CVE-2016-6061 1 Ibm 1 Rational Collaborative Lifecycle Management 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.