Filtered by vendor Ibm
Subscribe
Total
7797 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1122 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 6.9 MEDIUM | 7.4 HIGH |
| IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174. | |||||
| CVE-2016-9989 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120555. | |||||
| CVE-2017-1546 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915. | |||||
| CVE-2017-1503 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. | |||||
| CVE-2017-1598 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611. | |||||
| CVE-2016-6043 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
| Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. | |||||
| CVE-2016-0394 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. | |||||
| CVE-2016-6039 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2014-8900 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. | |||||
| CVE-2017-1223 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902. | |||||
| CVE-2017-1504 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579. | |||||
| CVE-2017-1170 | 1 Ibm | 1 Websphere Commerce | 2025-04-20 | 4.6 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230. | |||||
| CVE-2016-5880 | 1 Ibm | 2 Domino, Inotes | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-0270 | 1 Ibm | 3 Client Application Access, Domino, Notes | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue. | |||||
| CVE-2016-5919 | 1 Ibm | 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868. | |||||
| CVE-2017-1327 | 1 Ibm | 1 Inotes | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062. | |||||
| CVE-2017-1240 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359. | |||||
| CVE-2017-1494 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692. | |||||
| CVE-2016-5941 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 3.5 LOW | 5.7 MEDIUM |
| IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2016-6080 | 1 Ibm | 1 Websphere Message Broker | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. | |||||