Filtered by vendor Ibm
Subscribe
Total
7811 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0922 | 1 Ibm | 2 Messagesight, Messagesight Jms Client | 2025-04-12 | 4.3 MEDIUM | N/A |
| IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data. | |||||
| CVE-2016-2894 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-12 | 2.1 LOW | 2.5 LOW |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions. | |||||
| CVE-2015-1907 | 1 Ibm | 1 Rational License Key Server | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4 before 8.1.4.7 allows remote authenticated users to read cookies via unspecified vectors. | |||||
| CVE-2014-8924 | 1 Ibm | 2 License Metric Tool, Tivoli Asset Discovery For Distributed | 2025-04-12 | 6.4 MEDIUM | N/A |
| The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-4778 | 1 Ibm | 2 Endpoint Manager Family, License Metric Tool | 2025-04-12 | 4.3 MEDIUM | N/A |
| IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element. | |||||
| CVE-2015-8520 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522. | |||||
| CVE-2014-6210 | 1 Ibm | 2 Db2, Db2 Connect | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements. | |||||
| CVE-2014-0895 | 1 Ibm | 1 Spss Samplepower | 2025-04-12 | 7.5 HIGH | N/A |
| Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 3.0.1-IM-S3SAMPC-WIN32-FP001-IF02 allows remote attackers to execute arbitrary code via a crafted ComboList property value. | |||||
| CVE-2015-7410 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
| The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2013-6318 | 1 Ibm | 1 Algo One | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6129 | 1 Ibm | 5 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Quality Manager and 2 more | 2025-04-12 | 5.5 MEDIUM | N/A |
| IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors. | |||||
| CVE-2014-6133 | 1 Ibm | 1 Api Management | 2025-04-12 | 2.1 LOW | N/A |
| IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors. | |||||
| CVE-2016-0339 | 1 Ibm | 1 Security Identity Manager Adapter | 2025-04-12 | 4.3 MEDIUM | 5.6 MEDIUM |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records." | |||||
| CVE-2015-7431 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-7466 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-12 | 4.0 MEDIUM | 3.1 LOW |
| Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors. | |||||
| CVE-2015-7439 | 1 Ibm | 4 Rational Software Architect, Rational Software Architect For Websphere Software, Rational Software Architect For Websphere Software\' and 1 more | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0281 | 1 Ibm | 2 Aix, Vios | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. | |||||
| CVE-2015-7468 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors. | |||||
| CVE-2016-2952 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | |||||
| CVE-2014-0920 | 1 Ibm | 1 Spss Analytic Server | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||