Filtered by vendor Ibm
Subscribe
Total
7809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6042 | 1 Ibm | 1 Security Appscan | 2025-04-20 | 9.3 HIGH | 7.3 HIGH |
| IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system in the same context as the victim. | |||||
| CVE-2017-1346 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 1.9 LOW | 2.5 LOW |
| IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461. | |||||
| CVE-2016-0238 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409 | |||||
| CVE-2015-0107 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors. | |||||
| CVE-2017-1146 | 1 Ibm | 1 Content Navigator | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736. | |||||
| CVE-2016-3018 | 1 Ibm | 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1694 | 1 Ibm | 1 Integration Bus | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
| IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165. | |||||
| CVE-2016-8925 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538. | |||||
| CVE-2016-0228 | 1 Ibm | 1 Marketing Platform | 2025-04-20 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236. | |||||
| CVE-2017-1289 | 1 Ibm | 1 Sdk | 2025-04-20 | 6.4 MEDIUM | 8.2 HIGH |
| IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. | |||||
| CVE-2017-1552 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-20 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396. | |||||
| CVE-2017-1212 | 1 Ibm | 1 Daeja Viewone | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852. | |||||
| CVE-2017-1751 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546. | |||||
| CVE-2016-6077 | 1 Ibm | 1 Cognos Disclosure Management | 2025-04-20 | 6.8 MEDIUM | 5.3 MEDIUM |
| IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584. | |||||
| CVE-2016-2973 | 1 Ibm | 1 Sametime | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899. | |||||
| CVE-2017-1460 | 1 Ibm | 1 I | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379. | |||||
| CVE-2016-3048 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711. | |||||
| CVE-2017-1151 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293. | |||||
| CVE-2016-8936 | 1 Ibm | 1 Social Rendering Templates For Digital Data Connector | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-0265 | 1 Ibm | 1 Campaign | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||