Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 7404 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1457 1 Ibm 1 Qradar Network Security 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128376.
CVE-2016-8998 1 Ibm 1 Tivoli Storage Manager 2025-04-20 6.0 MEDIUM 7.2 HIGH
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747.
CVE-2016-9000 1 Ibm 2 Infosphere Datastage, Infosphere Information Server On Cloud 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks.
CVE-2016-5894 1 Ibm 1 Websphere Commerce 2025-04-20 1.9 LOW 5.1 MEDIUM
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.
CVE-2016-6035 1 Ibm 2 Rational Quality Manager, Rational Team Concert 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896.
CVE-2016-9750 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207.
CVE-2016-3031 1 Ibm 1 Cognos Analytics 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887.
CVE-2016-2977 1 Ibm 1 Sametime 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937.
CVE-2016-9733 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Team Concert 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762.
CVE-2017-1105 3 Ibm, Linux, Microsoft 8 Data Server Client, Data Server Driver For Odbc And Cli, Data Server Driver Package and 5 more 2025-04-20 3.6 LOW 7.1 HIGH
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.
CVE-2016-9973 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.
CVE-2016-9732 1 Ibm 1 Curam Social Program Management 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761.
CVE-2016-0296 1 Ibm 1 Bigfix Platform 2025-04-20 2.1 LOW 3.3 LOW
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
CVE-2016-3021 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more 2025-04-20 4.0 MEDIUM 2.7 LOW
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.
CVE-2017-1137 1 Ibm 1 Websphere Application Server 2025-04-20 6.8 MEDIUM 8.1 HIGH
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.
CVE-2015-0162 1 Ibm 1 Security Siteprotector System 2025-04-20 6.9 MEDIUM 7.0 HIGH
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
CVE-2017-1148 1 Ibm 1 Openpages Grc Platform 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.
CVE-2016-8973 1 Ibm 1 Rational Rhapsody Design Manager 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960.
CVE-2017-1439 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2025-04-20 7.2 HIGH 6.7 MEDIUM
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058.
CVE-2017-1226 1 Ibm 1 Bigfix Platform 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks against the system. IBM X-Force ID: 123905.