Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1205 | 1 Ibm | 1 Spectrum Lsf | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
| IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. | |||||
| CVE-2017-1249 | 1 Ibm | 1 Rhapsody Design Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2015-0107 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors. | |||||
| CVE-2016-9737 | 1 Ibm | 1 Tririga Application Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200. | |||||
| CVE-2015-0194 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. | |||||
| CVE-2017-1558 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548. | |||||
| CVE-2016-8961 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
| CVE-2017-1130 | 1 Ibm | 1 Inotes | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371. | |||||
| CVE-2016-2908 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. | |||||
| CVE-2017-1203 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678. | |||||
| CVE-2017-1178 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430. | |||||
| CVE-2016-9731 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1331 | 1 Ibm | 1 Content Navigator | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126233. | |||||
| CVE-2016-6099 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. | |||||
| CVE-2016-5889 | 1 Ibm | 1 Interact | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 115085. | |||||
| CVE-2017-1553 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397. | |||||
| CVE-2016-8930 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 6.5 MEDIUM | 7.6 HIGH |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2016-8987 | 1 Ibm | 1 Maximo Asset Management | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view. | |||||
| CVE-2016-8981 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. | |||||
| CVE-2017-1102 | 1 Ibm | 1 Rational Quality Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663. | |||||