Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9972 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208. | |||||
| CVE-2016-2969 | 1 Ibm | 1 Sametime | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850. | |||||
| CVE-2016-9706 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-20 | 8.5 HIGH | 9.1 CRITICAL |
| IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. | |||||
| CVE-2016-0206 | 1 Ibm | 1 Cloud Orchestrator | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. | |||||
| CVE-2016-9723 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534. | |||||
| CVE-2016-8948 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835. | |||||
| CVE-2016-6029 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881. | |||||
| CVE-2017-1180 | 1 Ibm | 1 Tririga Application Platform | 2025-04-20 | 3.5 LOW | 5.3 MEDIUM |
| The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084. | |||||
| CVE-2017-1274 | 1 Ibm | 1 Domino | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749. | |||||
| CVE-2016-5941 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 3.5 LOW | 5.7 MEDIUM |
| IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2017-1355 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126682. | |||||
| CVE-2017-1577 | 1 Ibm | 1 Websphere Portal | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117. | |||||
| CVE-2016-5935 | 1 Ibm | 2 Dashboard Application Services Hub, Jazz For Service Management | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2016-2967 | 1 Ibm | 1 Sametime | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848. | |||||
| CVE-2016-6084 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 3.3 LOW | 6.5 MEDIUM |
| IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. | |||||
| CVE-2016-9730 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1999549. | |||||
| CVE-2017-1376 | 1 Ibm | 1 Operations Analytics Predictive Insights | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873. | |||||
| CVE-2017-1370 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863. | |||||
| CVE-2016-0296 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. | |||||
| CVE-2016-6000 | 1 Ibm | 1 Tririga Application Platform | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||