Filtered by vendor Ibm
Subscribe
Total
7797 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1445 | 1 Ibm | 1 Emptoris Spend Analysis | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170. | |||||
| CVE-2016-10503 | 1 Ibm | 1 Sametime | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. IBM X-Force ID: 113803. | |||||
| CVE-2016-8975 | 1 Ibm | 1 Rhapsody Design Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912. | |||||
| CVE-2016-6114 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352. | |||||
| CVE-2016-5942 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1133 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534. | |||||
| CVE-2016-6068 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. | |||||
| CVE-2017-1310 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569. | |||||
| CVE-2017-1596 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550. | |||||
| CVE-2017-1276 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751. | |||||
| CVE-2015-0104 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-6028 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view. | |||||
| CVE-2017-1262 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737. | |||||
| CVE-2016-0354 | 1 Ibm | 1 Sametime | 2025-04-20 | 6.0 MEDIUM | 5.5 MEDIUM |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893. | |||||
| CVE-2016-9691 | 1 Ibm | 1 Websphere Cast Iron Solution | 2025-04-20 | 9.0 HIGH | 8.6 HIGH |
| IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515. | |||||
| CVE-2016-8951 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that could log out users and flood user accounts with emails. IBM X-Force ID: 118838. | |||||
| CVE-2016-0254 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563. | |||||
| CVE-2016-6018 | 1 Ibm | 1 Emptoris Contract Management | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738. | |||||
| CVE-2017-1424 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477. | |||||
| CVE-2016-8961 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||