Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2862 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-4747 | 1 Ibm | 1 Sametime | 2025-04-12 | 2.1 LOW | N/A |
| The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser. | |||||
| CVE-2014-4807 | 1 Ibm | 1 Sterling Selling And Fulfillment Foundation | 2025-04-12 | 4.0 MEDIUM | N/A |
| Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character. | |||||
| CVE-2014-0448 | 3 Ibm, Microsoft, Oracle | 4 Forms Viewer, Windows, Jdk and 1 more | 2025-04-12 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2014-6190 | 1 Ibm | 1 Workload Deployer | 2025-04-12 | 5.0 MEDIUM | N/A |
| The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document. | |||||
| CVE-2015-0105 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-3033 | 1 Ibm | 1 Appscan Source | 2025-04-12 | 5.5 MEDIUM | 8.1 HIGH |
| IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-0139 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-8904 | 1 Ibm | 2 Aix, Vios | 2025-04-12 | 7.2 HIGH | N/A |
| lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. | |||||
| CVE-2015-1986 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | 10.0 HIGH | N/A |
| The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938. | |||||
| CVE-2015-7456 | 1 Ibm | 1 Spectrum Scale | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors. | |||||
| CVE-2016-3039 | 1 Ibm | 1 Traveler | 2025-04-12 | 8.5 HIGH | 8.1 HIGH |
| IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-3060 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-12 | 3.5 LOW | 5.7 MEDIUM |
| Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2016-2861 | 1 Ibm | 1 Websphere Extreme Scale | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2015-4992 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | 3.5 LOW | N/A |
| IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2015-4936 | 1 Ibm | 1 Websphere Extreme Scale | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2015-0133 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-5433 | 1 Ibm | 1 Infosphere Optim Data Growth Solution For Siebel Crm | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document. | |||||
| CVE-2015-4940 | 2 Apache, Ibm | 2 Ambari, Infosphere Biginsights | 2025-04-12 | 2.1 LOW | N/A |
| Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2013-3981 | 1 Ibm | 1 Sametime | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. | |||||