Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5894 | 1 Ibm | 1 Websphere Commerce | 2025-04-20 | 1.9 LOW | 5.1 MEDIUM |
| IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408. | |||||
| CVE-2017-1460 | 1 Ibm | 1 I | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379. | |||||
| CVE-2017-1348 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126524. | |||||
| CVE-2017-1378 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875. | |||||
| CVE-2017-1583 | 1 Ibm | 1 Liberty | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13)could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. | |||||
| CVE-2017-1125 | 1 Ibm | 1 Cognos Business Intelligence Server | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340. | |||||
| CVE-2017-1287 | 1 Ibm | 1 Rhapsody Design Manager | 2025-04-20 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
| CVE-2016-5980 | 1 Ibm | 1 Tririga Application Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1335 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126243. | |||||
| CVE-2017-1266 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741. | |||||
| CVE-2017-1201 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676. | |||||
| CVE-2016-9986 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552. | |||||
| CVE-2016-9000 | 1 Ibm | 2 Infosphere Datastage, Infosphere Information Server On Cloud | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks. | |||||
| CVE-2016-3017 | 1 Ibm | 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. | |||||
| CVE-2016-8943 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1305 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459. | |||||
| CVE-2017-1257 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684. | |||||
| CVE-2016-9697 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2025-04-20 | 2.1 LOW | 3.1 LOW |
| An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference #: 1999960. | |||||
| CVE-2017-1757 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. | |||||
| CVE-2016-2974 | 1 Ibm | 1 Sametime | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934. | |||||