Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9747 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Engineering Lifecycle Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-9992 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | 6.5 MEDIUM | 7.1 HIGH |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | |||||
| CVE-2016-9982 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274. | |||||
| CVE-2016-0202 | 1 Ibm | 1 Cloud Orchestrator | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain. | |||||
| CVE-2017-1485 | 1 Ibm | 1 Cognos Analytics | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623. | |||||
| CVE-2017-1688 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134063. | |||||
| CVE-2017-1218 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858. | |||||
| CVE-2016-3020 | 1 Ibm | 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 3 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content. | |||||
| CVE-2016-5899 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6046 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1484 | 1 Ibm | 1 Websphere Commerce | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622. | |||||
| CVE-2016-3046 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 2 more | 2025-04-20 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database. | |||||
| CVE-2016-8973 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960. | |||||
| CVE-2017-1442 | 1 Ibm | 1 Emptoris Services Procurement | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107. | |||||
| CVE-2017-1569 | 1 Ibm | 1 Websphere Commerce | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779. | |||||
| CVE-2017-1120 | 1 Ibm | 1 Websphere Portal | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152. | |||||
| CVE-2017-1146 | 1 Ibm | 1 Content Navigator | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736. | |||||
| CVE-2016-6097 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2025-04-20 | 2.1 LOW | 4.0 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. | |||||
| CVE-2016-2977 | 1 Ibm | 1 Sametime | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937. | |||||
| CVE-2017-1285 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146. | |||||