Filtered by vendor Ibm
Subscribe
Total
7811 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4960 | 1 Ibm | 1 Infosphere Master Data Management | 2025-04-12 | 3.5 LOW | 4.1 MEDIUM |
| IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2014-8916 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144. | |||||
| CVE-2014-3088 | 1 Ibm | 1 Sametime Meeting Server | 2025-04-12 | 5.5 MEDIUM | N/A |
| stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as demonstrated by replacing a text/plain .txt upload with an application/octet-stream .exe upload. | |||||
| CVE-2014-0945 | 1 Ibm | 1 Operational Decision Manager | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-8918 | 1 Ibm | 1 Security Appscan | 2025-04-12 | 5.8 MEDIUM | N/A |
| IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-7407 | 1 Ibm | 1 Mashups Center | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2014-0968 | 1 Ibm | 2 Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL for an MHTML document. | |||||
| CVE-2013-5423 | 1 Ibm | 1 Flex System Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors. | |||||
| CVE-2015-1772 | 2 Apache, Ibm | 2 Hive, Infosphere Biginsights | 2025-04-12 | 4.3 MEDIUM | 7.3 HIGH |
| The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request. | |||||
| CVE-2015-5019 | 1 Ibm | 2 Sterling B2b Integrator, Sterling Integrator | 2025-04-12 | 5.5 MEDIUM | N/A |
| IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement. | |||||
| CVE-2016-2944 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2015-1941 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | 7.8 HIGH | N/A |
| The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port. | |||||
| CVE-2015-4956 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 6.5 MEDIUM | 7.4 HIGH |
| The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors. | |||||
| CVE-2015-0141 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request. | |||||
| CVE-2014-4766 | 1 Ibm | 1 Classic Meeting Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote attackers to obtain sensitive information by reading an exported Record and Playback (RAP) file. | |||||
| CVE-2014-3086 | 1 Ibm | 3 Lotus Domino, Lotus Notes, Websphere Real Time | 2025-04-12 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager. | |||||
| CVE-2016-2932 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. | |||||
| CVE-2015-1895 | 1 Ibm | 1 Optim Workload Replay | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior. | |||||
| CVE-2014-3566 | 11 Apple, Debian, Fedoraproject and 8 more | 20 Mac Os X, Debian Linux, Fedora and 17 more | 2025-04-12 | 4.3 MEDIUM | 3.4 LOW |
| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | |||||
| CVE-2014-6107 | 1 Ibm | 1 Security Identity Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | |||||