Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0599 | 1 Ibm | 1 Rational Directory Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code. | |||||
| CVE-2012-2175 | 1 Ibm | 1 Lotus Inotes | 2025-04-11 | 9.3 HIGH | N/A |
| Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2012-3315 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request. | |||||
| CVE-2012-5762 | 1 Ibm | 1 Netezza | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via vectors involving the MHTML protocol. | |||||
| CVE-2012-2179 | 1 Ibm | 1 Aix | 2025-04-11 | 6.9 MEDIUM | N/A |
| libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2013-5395 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | 7.5 HIGH | N/A |
| IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2011-1317 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses. | |||||
| CVE-2012-0202 | 1 Ibm | 1 Cognos Tm1 | 2025-04-11 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data. | |||||
| CVE-2013-2993 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | 5.8 MEDIUM | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. | |||||
| CVE-2010-3060 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors. | |||||
| CVE-2011-4061 | 1 Ibm | 2 Db2, Tivoli Monitoring For Databases | 2025-04-11 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header. | |||||
| CVE-2013-6305 | 1 Ibm | 1 Platform Symphony | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key. | |||||
| CVE-2008-7299 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field. | |||||
| CVE-2010-2323 | 1 Ibm | 2 Websphere Application Server, Zos | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT. | |||||
| CVE-2013-0511 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. | |||||
| CVE-2014-0853 | 1 Ibm | 1 Rational Focal Point | 2025-04-11 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-3736 | 1 Ibm | 1 Db2 | 2025-04-11 | 4.0 MEDIUM | N/A |
| Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server. | |||||
| CVE-2011-1359 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2012-3316 | 1 Ibm | 7 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 4 more | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-4465 | 1 Ibm | 1 Lotus Mobile Connect | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL. | |||||