Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1093 | 1 Ibm | 1 Aix | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. | |||||
| CVE-2016-9975 | 1 Ibm | 2 Dashboard Application Services Hub, Jazz For Service Management | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714. | |||||
| CVE-2016-5959 | 1 Ibm | 1 Security Privileged Identity Manager | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136. | |||||
| CVE-2017-1549 | 1 Ibm | 1 Sterling File Gateway | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289. | |||||
| CVE-2017-1258 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685 | |||||
| CVE-2016-0203 | 1 Ibm | 2 Cloud Orchestrator, Smartcloud Orchestrator | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to. | |||||
| CVE-2017-1628 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. | |||||
| CVE-2017-1698 | 1 Ibm | 1 Websphere Portal | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. | |||||
| CVE-2016-9979 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255. | |||||
| CVE-2016-8920 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-8951 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that could log out users and flood user accounts with emails. IBM X-Force ID: 118838. | |||||
| CVE-2016-8999 | 1 Ibm | 3 Infosphere Datastage, Infosphere Information Server, Infosphere Information Server On Cloud | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS. | |||||
| CVE-2017-1490 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.3 MEDIUM |
| An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. | |||||
| CVE-2016-8934 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1169 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188. | |||||
| CVE-2016-0308 | 1 Ibm | 1 Connections | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. | |||||
| CVE-2017-1297 | 3 Ibm, Linux, Microsoft | 8 Data Server Client, Data Server Driver For Odbc And Cli, Data Server Driver Package and 5 more | 2025-04-20 | 4.4 MEDIUM | 7.3 HIGH |
| IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159. | |||||
| CVE-2016-9698 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2025-04-20 | 7.5 HIGH | 8.1 HIGH |
| IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960. | |||||
| CVE-2017-1110 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915. | |||||
| CVE-2017-1336 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-20 | 3.6 LOW | 4.4 MEDIUM |
| IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244. | |||||