Vulnerabilities (CVE)

Filtered by CWE-264
Total 5268 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5020 1 Ibm 1 Infosphere Biginsights 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecified vectors.
CVE-2015-5019 1 Ibm 2 Sterling B2b Integrator, Sterling Integrator 2026-06-17 5.5 MEDIUM N/A
IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement.
CVE-2015-5005 1 Ibm 2 Aix, Powerha System Mirror 2026-06-17 8.5 HIGH N/A
CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list.
CVE-2015-4997 1 Ibm 1 Websphere Portal 2026-06-17 6.8 MEDIUM N/A
IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request.
CVE-2015-4964 1 Ibm 1 Urbancode Deploy 2026-06-17 6.0 MEDIUM N/A
IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process.
CVE-2015-4948 1 Ibm 2 Aix, Vios 2026-06-17 6.9 MEDIUM N/A
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.
CVE-2015-4946 1 Ibm 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more 2026-06-17 2.1 LOW 3.3 LOW
Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 allows local users to bypass intended access restrictions via unspecified vectors.
CVE-2015-4927 1 Ibm 1 Tivoli Storage Manager 2026-06-17 7.2 HIGH N/A
The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file.
CVE-2015-4685 1 Polycom 1 Realpresence Resource Manager 2026-06-17 4.4 MEDIUM 7.0 HIGH
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.
CVE-2015-4683 1 Polycom 1 Realpresence Resource Manager 2026-06-17 7.5 HIGH 9.8 CRITICAL
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
CVE-2015-4650 1 Arubanetworks 1 Clearpass Policy Manager 2026-06-17 10.0 HIGH 9.8 CRITICAL
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.
CVE-2015-4629 1 Huawei 2 E5756s, E5756s Firmware 2026-06-17 7.5 HIGH 9.8 CRITICAL
Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions.
CVE-2015-4596 1 Lenovo 1 Mouse Suite 2026-06-17 4.6 MEDIUM 7.8 HIGH
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.
CVE-2015-4548 1 Rsa 1 Web Threat Detection 2026-06-17 7.2 HIGH N/A
EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file.
CVE-2015-4545 1 Emc 1 Isilon Onefs 2026-06-17 9.0 HIGH 8.0 HIGH
EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.
CVE-2015-4544 1 Emc 1 Documentum Content Server 2026-06-17 9.0 HIGH N/A
EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626.
CVE-2015-4542 1 Emc 1 Rsa Archer Grc 2026-06-17 6.5 MEDIUM N/A
EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors.
CVE-2015-4535 1 Emc 1 Documentum Content Server 2026-06-17 7.5 HIGH N/A
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket.
CVE-2015-4533 1 Emc 1 Documentum Content Server 2026-06-17 9.0 HIGH N/A
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.
CVE-2015-4532 1 Emc 1 Documentum Content Server 2026-06-17 9.0 HIGH N/A
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514.